Does the $400 Million DPC Decision Against Meta Take “Necessity” into Account?
January 26, 2023
Meta kicked off the New Year with a fine of over $400 million levied by the Irish Data Protection Commission (DPC) for breaching EU privacy laws. These new sanctions were added to multiple privacy fines for Meta in Europe last year. This time the DPC was forced by the European Data Protection Board (EDPB) to find that Meta violated the General Data Protection Regulation (GDPR) in relying on its contractual relationship with Facebook and Instagram users as the basis for using user data in personalized advertising. The core disagreement was whether it is lawful for Meta to treat user data for personalized advertising as “necessary for the performance” of the contract between Meta and its users. However, what actually determines whether any specific component is “necessary” is the balance of costs and benefits from the business model’s technological and economic components. In the Meta decision, the EDPB got it wrong.
Critical intelligence for general counsel
Stay on top of the latest news, solutions and best practices by reading Daily Updates from Today's General Counsel.
Daily Updates
Sign up for our free daily newsletter for the latest news and business legal developments.