Irish DPC slammed for allegedly failing to fine Meta enough

Irish DPC slammed for allegedly failing to fine Meta enough

The European Center for Digital Rights (noyb) claims the Irish authorities fined Meta only a fraction of what they should have.

Noyb issued a letter to the Irish Data Protection Commission (DPC) this week sharply criticizing the privacy agency for “letting Meta off the hook”. The non-profit is referring to the height of the fine that Meta was recently ordered to pay for violating the GDPR over the past few years.

In its role as a champion of consumer rights, noyb (short for ‘none of your business’) has been tireless in rooting out GDPR infractions and filing the actions to ensure that tech companies pay. The non-profit has often found itself at loggerheads with the Irish DPC over how aggressive Europe should be in prosecuting and penalizing US tech giants when they run afoul of EU laws.

DPC

Critics have long seen Ireland as being “in the pocket” of tech companies like Google, Microsoft, Twitter and Meta — all of whom have their EU or global headquarters located in Dublin.

In the past, organizations like noyb have taken the Irish DPC publicly to task for failing to enforce the GDPR. The agency was confronted in 2021, for instance, when noyb published documents showing that it had lobbied for social networks not to need user consent within EU privacy rules.

€4 billion too low

In its letter, noyb argues that Meta should have been made to pay the statutory minimum of 4 percent of the company’s income. This means that Meta would have to pay €4.6 billion rather than the €390 million the DPC assessed.

Meta itself claims that the offending ads make up the core of its business model. “Even if only 6,01 percent of Meta’s IE revenue stemmed from behavioural advertisement, the maximum GDPR fine of 4 percent would be reached”, noyb argues.

“It is absolutely unrealistic that behavioural advertisement would account for less than 6,01 percent of all revenue by Meta IE. Consequently, the Irish DPC would have to apply the maximum fine of 4 percent to even remotely comply with the requirements of the EDPB decision.”