Social media giant Meta has been fined an additional 5.5 million euros ($5.9 million) for violating EU data protection regulations by instant messaging platform WhatsApp, Irish regulators announced Thursday.
The penalty follows a 390 million euro fine for Meta-owned media platforms Instagram and Facebook two weeks ago after they were found to be in breach of similar EU rules.
In a recent decision, the Irish Data Protection Commission (DPC) found the group “breached its obligations regarding transparency,” the watchdog said in a statement.
In addition, Meta relies on an incorrect legal basis “to process personal data for the purpose of service improvement and security,” the DPC added, giving the group six months to enforce its data operations.
The violations are similar to those described in the regulator’s action against Meta in early January.
But the previous decision also accused the Meta platform of violating the rules on the processing of personal data for the purpose of targeted advertising.
In the case, the company, co-founded by social media personality Mark Zuckerberg, was given just three months to respond to comply with Irish regulators.
Meta announced its intention to appeal the January 4 decision, adding that the regulations do not prevent targeted or personalized advertising.
The DPC said the more recent fine was lower than the 225 million euro fine imposed on WhatsApp for “breach of this and other transparency obligations during the same period”.
Whatsapp’s fine on Thursday was also lower because it was not related to targeted advertising.
Irish regulators fined Meta 405 million euros in September for failing to handle minors’ data, and 265 million euros in November for not adequately protecting user data.
This latest round of fines follows the adoption of three binding decisions by the European Data Protection Board (EDPB), the EU’s data protection regulator, in early December.
Vienna-based privacy group NOYB, which brought three complaints against Meta, has accused the social media giant of interpreting the agreement as a civil law contract, which stops users from opting out of targeted advertising.
In October 2021, the Irish authorities proposed a draft decision that validated the legal basis used by the group and proposed fines of up to 36 million euros for Facebook and up to 23 million euros for Instagram, for lack of transparency.
France’s CNIL regulator and other European bodies disagreed with the draft sanctions, which they considered too weak.
They asked the EDPB to arbitrate the dispute with the EU data regulator who decided to vote.
The EDPB has also asked Irish regulators to investigate Meta’s use of personal data.
However, in its statement, the DPC denied saying that EU bodies do not have the power to “direct the authority to engage in open and speculative investigations”.
The regulator said it would seek to overturn the EDPB’s request before the Court of Justice of the European Union.
The latest DPC fines are offset by Meta’s multi-billion dollar revenue, but the company has been battered by a global advertising slump and stagnant user numbers.
Meta said in November that it will ax more than 11,000 staff after profits more than halved to $4.4 billion in the third quarter.
The group’s European operations are based in Dublin, along with a number of global tech giants including Apple and Google, so Ireland’s data protection agency is the main regulator responsible for holding the accounts.