For every day that Meta remains out of compliance during the 90-day period, it will be assessed the equivalent of $100,000. The fine period would run until the end of October, and should Meta be out of compliance for the full duration it would end up paying a total of $9 million.
Data Protection
Certain types of personal data are very valuable to criminals, and can be very damaging to an individual or business if they fall into the wrong hands. As the world becomes more digital and more connected, more of this sort of data is generated and passed between various sources on a regular basis.
Government regulations and supervisory authorities aren’t just about keeping irresponsible parties in line. They also provide vital security guidance to every type of organization that handles sensitive personal, business or government information.
Data protection regulations also ensure that the end user has a transparent view of and a say in the processing of personal data. These safeguards play a significant role in everything from the preservation of civil rights to ensuring that democratic institutions function properly.
Some types of personal data are clear candidates for regulation: medical records, banking information, national ID numbers and so on. But some of these regulations also cover items that might seem relatively innocuous at first glance: home addresses, email addresses, website profile information and so on. For example, the European Union General Data Protection Regulation (GDPR) has stipulations about anything that is unique to an individual, including phone numbers and social media accounts. People have varying levels of privacy preference with these items, but they are often protected by regulation because they can be used for targeted scams and attempts at identity theft.
Given that regulations often take the size and customer count of businesses into consideration in terms of penalties and the scope of protection of personal data, compliance is particularly important for enterprise-scale organizations. You do not necessarily have to have an active business presence in a country or region; simply storing data on or moving it through servers there may subject you to their data protection rules.
Meta is facing a total of $20 million in fines in Australia due to misleading consumers about personal data usage. Facebook Israel and VPN service Onavo Protect promised to keep user data private and safe, but were sharing collected personal information with Meta for use in its targeted advertising systems.
Though this particular case only applies to its plaintiff, human rights advocate Tanya O’Carroll, the ICO-backed decision will likely have to inform the company's broader UK targeted advertising policy as others could launch similar suits.
A 2019 incident in which user passwords were inadvertently stored in plaintext has netted a €91 million GDPR fine for Meta from Ireland's DPC, though access to the password storage was limited to Meta workers on an internal company network.
Meta has now lost that case in the EU's highest court, opening the door for other antitrust law investigations in the bloc to incorporate data privacy violations and frame them as part of a systemic abuse of market position.
A new record for GDPR fines has been set as the European Data Protection Board (EDPB) is requiring Meta to pay $1.3 billion for its international data transfers related to the dissolution of the Privacy Shield framework.
The Cambridge Analytica scandal of 2018 is still not quite out of the news, as investigations around the world continue to wrap up. Australia's Information Commissioner has agreed to a $50 million AUD privacy settlement over the violations.
The CEOs of the two companies cited the EU's "inconsistent" and "fragmented" AI regulations as the central reason for the delays in rollout of products to European customers and developers. Meta paused the release of new AI models in the EU in June.
Meta has suspended its generative AI tools in Brazil indefinitely as it seeks talks with ANPD about the issue. ANPD has said that Meta must change its privacy policy to exclude a section related to the processing of personal data for generative AI training.
Spain's statement on privacy concerns notes that the election tools gather the name, IP address, age and gender of Facebook and Instagram users, without an indication that this much personal data could be tied to what political content voters view and interact with.










