Meta Platforms Inc., the parent company of social media giants Facebook, Instagram, and WhatsApp, has been hit with a €390m euros (£346m) fine by the Irish Data Protection Commission (DPC) for breaches of the General Data Protection Regulation (GDPR).
The company was found to have failed to establish a lawful basis for processing personal data in connection with its services, including personalised advertisements. The fine represents one of the enormous penalties imposed on a tech company under GDPR since its implementation in 2018.
The GDPR is a comprehensive data protection law that governs the processing of personal data for individuals within the United Kingdom. It sets out a regulatory framework that organisations must adhere to in order to ensure the protection of individual privacy rights.
Key components of the GDPR compliance framework include obtaining consent, establishing a lawful basis for processing data and implementing appropriate security measures to protect personal data. The GDPR guidelines require organisations to lawfully, fairly, and transparently process personal data.
This means there must be a justifiable reason for collecting and using personal data, and individuals should be informed about how their data will be used. Additionally, GDPR procedures mandate that personal data should be collected only for specific, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.
In the case of Meta, the DPC found that the company had not established an appropriate lawful basis for processing personal data in connection with its services, including delivering personalised advertisements. This breach of the GDPR compliance framework has resulted in a hefty fine imposed by the Irish regulator.
The DPC’s decision has far-reaching implications for other companies operating within the EU, particularly those involved in processing personal data for advertising purposes. It highlights the need for businesses to ensure they have a strong GDPR compliance framework in place, taking into account the various GDPR guidelines and procedures.
So, to ensure compliance with GDPR procedures, businesses should consider the following steps:
Given the complexity of the GDPR compliance framework and the potential consequences of non-compliance, it is advisable for businesses to seek the guidance of a law professional, such as a barrister, to help navigate the regulations. A legal expert can provide advice on GDPR guidelines and assist in implementing best practices to ensure compliance with GDPR procedures.
The DPC’s ruling against Meta highlights the importance of proper GDPR compliance for UK and EU-based businesses. As regulatory authorities continue to crack down on companies that fail to adhere to GDPR guidelines, organisations must take the necessary steps to ensure their GDPR procedures are up-to-date and effective.
To guarantee your business adheres to GDPR regulations, it is advisable to seek assistance from a GDPR expert who can offer professional counsel and direction. The team at Briefed consists of barristers focusing on GDPR and data protection, ready to give you the necessary guidance.
With our support, your business will be GDPR-compliant and capable of handling personal data securely and responsibly. Contact us today to begin!
Orlagh Kelly is a barrister, tech visionary and disruptor. In the past 20 years she has established two successful businesses....
With Data Privacy Week spanning from 24th – 28th January, Briefed want to join the international effort to create awareness about data privacy and the pitfalls affecting the legal industry...
The UK General Data Protection Regulation (GDPR) is designed to protect the personal data of individuals in the United Kingdom...