2022 was a rough year for Meta.
In the fields of competition and protection of personal data, due to its practices that harm consumers a total of 786 million Euros of administrative fines were imposed throughout 2022 on the technology giant. This situation constitutes one of the striking examples of compliance with sectoral legislation.
November 2022: Turkish Competition Authority and Ireland DPC
On 20 November 2022, the Turkish Competition Authority concluded its investigation against Meta Platforms, Inc., Meta Ireland Limited, and WhatsApp LLC. According to the Turkish Competition Authority, Meta Inc. has a dominant position in the market. In the investigation conducted against Meta, Turkish CA imposed an administrative fine of 346,717.193,40-TL, based on the fact that he combined the data collected from Facebook, Whatsapp, and Instagram, causing disruption of competition by complicating the activities of his competitors and creating barriers to entry to the market. The reasoned decision has not yet been published.
At the same time, as we explained in our previous articles, the Irish Data Protection Authority has imposed an administrative fine of € 405 million due to insufficient data protection policies and insufficient security due to the use of corporate accounts on Instagram by children.
Finally, in 2018-2019, the personal data of 533 million people from 16 countries were leaked by data scraping due to insufficient technical and administrative measures. As a result, the Irish Data Protection Authority fined Meta € 265 million euros. Meta officials stated that the decision is being reviewed and data scraping is not acceptable in their data policy.
September 2022: South Korea Data Protection Authority
In September, South Korea's Data Protection Authority fined $22 million (₩30.8 billion) for Meta's failure to obtain lawful consent in the process of collecting information from users who visit its websites and use apps for customized advertisements, among other websites.
March 2022: Irish Data Protection Authority
Due to the receipt of twelve data breach notifications in the six-month period between 7 June 2018 and 4 December 2018, the Irish Data Protection Authority initiated an ex officio investigation.
The Irish Data Protection Authority has determined that Meta violates Articles 5(2) and 24(1) of the GDPR (General Data Protection Regulation). At the same time, the Irish Data Protection Authority found that the information and documentation provided by Meta in the investigation could be considered similar to market best practices and cutting-edge technology, appropriate technical and administrative measures that will enable Meta to easily demonstrate the security measures it has in place to protect EU users' data in the context of twelve personal data breaches. It was determined that the measures were not available.
Accordingly, the Irish Data Protection Authority found a violation of Articles 5(2) and 24(1) GDPR and imposed an administrative fine of €17 million for the violation of Article 5(2) GDPR.
January 2022: France Data Protection Authority
In January, the French Data Protection Authority (Commission Nationale de l'informatique et des Libertés) imposed an administrative fine of € 60 million because the opt-out of cookies was not as easy as accepting opt-in cookies. In fact, the fact that consumer data is easier to process through cookies constitutes a violation of Article 82 of the French Data Protection Law.
Conclusion
As can be seen, Meta Inc. An administrative fine of up to € 768 million was imposed in 2022. The basis of administrative penalties is the failure to process the consumer's data, that is, the users, in accordance with the legislation, obtaining the data of the users due to data scraping, anti-competitive practices, and violation of data protection principles and legislation in general.
Although Meta and Meta's subsidiaries dominate the market, the fines Meta received in 2022 are a striking example of how essential regulatory compliance, accurate data, and business strategies are.
Commenti