The Irish Data Protection Commission, which has arguably more active in enforcing the GDPR than any other European data protection body, issued Meta a $390M Euro fine over its mechanisms and basis for collecting data for personalized ads.
Although Meta has announced it will appeal the decision, the ruling is the result of an official complaint filed May 25, 2018--the very day the GDPR took effect.
Meta has been one of the most frequent targets for European data protection agencies, with the company racking up nearly a billion dollars in violations over the past few years. This decision and fine may be the most significant, as it sets the stage for the social media giant to overhaul its personalized advertising model.
The Irish DPC claimed Meta's current model violates Article 6 of the GDPR, which outlines legal bases for data collection. Meta currently foregoes an opt-in/out to data collection and instead has codified the practice in the platform's mandatory service agreement, meaning users must accept the practice to use its platforms.