Facebook, Instagram may face huge fines for using your data without permission

Turns out Meta's "pay or consent" is not ok under the DMA.
Meta's personalized ad model doesn't comply with the EU's DMA law, according to a preliminary finding. Credit: Jens Büttner/picture alliance via Getty Images

A European Commission (EU) investigation is spelling bad news for Facebook and Instagram.

The EU has notified Meta, the parent company of Facebook and Instagram, that its "pay or consent" personalized advertising model violates the Digital Markets Act (DMA).

"Our investigation aims to ensure contestability in markets where gatekeepers like Meta have been accumulating personal data of millions of EU citizens over many years," said the European Commission's Margrethe Vestager in a statement on Monday. "Our preliminary view is that Meta’s advertising model fails to comply with the Digital Markets Act. And we want to empower citizens to be able to take control over their own data and choose a less personalized ads experience."

The EU has put the ball in Meta's court. The social media giant now has the right to mount a defense to the findings and send a reply to the EU as the investigation continues. As per the law, the EU must conclude the DMA investigation within 12 months of the date it started, March 25, 2024.

If the investigation finds that Meta was in non-compliance with the DMA, the Commission can fine Facebook and Instagram's parent company a whopping 10 percent of its total worldwide turnover.

Meta's "pay or consent" model

In March, Mashable reported on a number of EU investigations into Big Tech companies to determine their compliance with the newly enacted DMA. The DMA basically forces "gatekeeper" companies to open up their platforms to third parties in order to spur competition.

One of those investigations was into Meta for its "pay or consent" model implemented on Facebook and Instagram.

Gatekeeper companies must receive consent from their users in the EU when sharing user data between their core platforms. This means that if Meta wants to share a Facebook or Instagram user's account data so that it can serve personalized ads, it must get explicit permission to do so. Just entering their account details on a social media platform does not give the company consent for the secondary use of that user's data via another one of its platforms.

However, Meta has run its business under the belief that the "pay or consent" model adheres to the DMA rules. Basically, Meta argues that the company offers a paid subscription to users on Facebook and Instagram, which provides an ad-free experience. If a user does not subscribe to its paid offering, according to Meta, then they have chosen to consent to their data being used for advertising purposes.

The European Commission's preliminary findings have determined that Meta's "pay or consent" model does not comply with the DMA.

"Under Article 5(2) of the DMA, gatekeepers must seek users' consent for combining their personal data between designated core platform services and other services, and if a user refuses such consent, they should have access to a less personalized but equivalent alternative," the EU's statement said. "Gatekeepers cannot make use of the service or certain functionalities conditional on users' consent."

To be clear, the EU is saying that Facebook and Instagram cannot serve personalized ads to a user, even if they aren't a paying subscriber to the platforms, unless they have received consent from that user.

It will be interesting to see Meta's response to the EU's findings. If the final investigation rules against the company, it must comply with the DMA or face even further fines, which can climb to as much as 20 percent of total global turnover for repeated infringement. According to the Commission, "systemic non-compliance" can lead to further actions, including banning the gatekeeper company from acquisitions or requiring it to sell all or part of its business.
