On Wednesday, the Irish Data Protection Commission (DPC) announced that US social media giant Meta has been fined a total of €390 million ($413 million) for violating EU personal data laws on Facebook and Instagram. This marks the latest in a series of fines and penalties that have been imposed on Meta and other Big Tech firms by the EU in recent years, as the bloc has tightened its online regulation. The DPC stated that Meta had breached “its obligations in relation to transparency” and used an incorrect legal basis “for its processing of personal data for the purpose of behavioural advertising.” As a result, the DPC has issued final fines of €210 million on Meta Ireland in relation to Facebook and €180 million in relation to Instagram, both for violating the General Data Protection Regulation (GDPR).

The decision follows binding decisions made by the European Data Protection Supervisor (EDPS) last month regarding Meta’s treatment of personal data. One of these rulings concerns Meta’s instant messaging division, WhatsApp, with the DPC set to announce a separate verdict next week. The internet giant’s European operations are based in Dublin, along with those of several other major global tech companies including Google, Apple, and Twitter, and the DPC is responsible for regulating them.

ALSO READ: Nigeria’s 2023 military budget might fall back to $2bn – Experts

Meta, which is led by Mark Zuckerberg, has expressed its disappointment with the DPC’s decision and has announced its intention to appeal. The company stated that it “strongly believes its approach respects GDPR,” and that it is “therefore disappointed by these decisions and intends to appeal both the substance of the rulings and the fines.” Meta also emphasized that the decisions “do not prevent targeted or personalised advertising” and relate “only to which legal basis Meta uses when offering certain advertising.” The latest case was sparked by complaints from privacy campaigning group Noyb that Meta’s three app services failed to meet Europe’s strict data protection rules.