In a pair of landmark decisions this week, European Union (EU) officials determined that the American tech company, Meta, failed to properly solicit consent from Instagram and Facebook users before sharing personal data with advertisers. Regulators determined that this decision was tantamount to forcing users to accept personalized ads, and was a violation of the EU’s General Data Protection Regulation (GDPR). Meta was fined $414 million for this violation. The ruling underscores the lack of tools in the United States that would hold social media platforms to a higher standard.
“The EU has been leading the way when it comes to regulating online platforms, and this decision is no different,” said Council for Responsible Social Media Co-chair and former House Majority Leader Dick Gephardt (D-MO). “Because the EU already has comprehensive data privacy protections in place, they are able to hold one of the most powerful corporations in the world accountable. These regulatory tools are clearly missing in the United States.”
The GDPR is one of the most comprehensive data protection laws in the world. The law places significant responsibilities and restrictions on any vendor that targets or collects data within the EU — including defining personal data and restricting its collection, requiring implementation of data security measures, and empowering regulators to impose fines for violations. To date, the U.S. Congress has failed to take any meaningful measures to protect the sensitive information of Americans online, despite bipartisan frameworks on the table.
This decision marks the end of an investigation into Meta that began on May 25, 2018, the day the EU’s GDPR went into effect. This decision, which Meta plans to appeal, could have significant implications for Facebook and Instagram’s business practices and their users. According to Max Schrems, the Austrian privacy activist whose complaint launched the investigation against Meta, this decision means that Meta now needs to affirmatively ask users whether they want their data to be used for ads or not, and allow users to change their mind at any time.
“This decision should be a wake up call for members of Congress,” said Council for Responsible Social Media Co-chair Kerry Healey, the former Republican lieutenant governor of Massachusetts. “We have to be able to trust that our personal information will be collected and handled in a safe way, and that we can control who has access to it. Right now, Americans don’t have that right. Members of Congress need to come together to give Americans the comprehensive privacy protections they need and deserve.”
The Council for Responsible Social Media launched in October 2022 with a mission to bring accountability, transparency, and responsibility to the dominant social media platforms. Learn more about the Council for Responsible Social Media.