Meta challenges €395m fines from Ireland’s data protection regulator

DPC had imposed fines for GDPR breaches by Facebook and WhatsApp, and over Meta’s operation of Instagram services

Meta's corporate headquarters in Menlo Park, California.  Two Irish-based subsidiaries of the social media giant Meta have brought High Court challenges against the Data Protection Commission’s decisions to fine the companies some €395 million. Photograph: John G Mabanglo/EPA
Meta's corporate headquarters in Menlo Park, California. Two Irish-based subsidiaries of the social media giant Meta have brought High Court challenges against the Data Protection Commission’s decisions to fine the companies some €395 million. Photograph: John G Mabanglo/EPA

Two Irish-based subsidiaries of the social media giant Meta have brought High Court challenges against the Data Protection Commission’s (DPC’s) decisions to fine the companies some €395 million.

The first of the challenges has been brought by Meta Platforms Ireland Ltd after it was fined following the conclusion of two investigations by the DPC into the operation of Meta’s delivery of its Facebook and Instagram services.

These fines, totalling €390 million, were imposed for breaches by Facebook of the General Data Protection Regulation (GDPR) – the EU regulation governing how personal data can be used, processed, and stored – and over the operation of Instagram services.

Meta was given three months to bring its data processing operations into compliance.

READ SOME MORE

In a second set of proceedings, WhatsApp Ireland Ltd, whose ultimate parent is Meta, is challenging the DPC’s decision of January 12th to fine it €5.5 million for GDPR breaches.

Represented by Declan McGrath SC, Meta Platforms Ireland seeks various orders from the High Court including one quashing the DPC’s decision to fine it €390 million.

Meta seeks various declarations from the court including that various sections of Irish laws concerning data protection are invalid and unconstitutional.

It further seeks declarations that certain sections of the GDPR are incompatible with the European Convention on Human Rights and the EU Charter.

Meta’s record fine would break smaller business, but this tech giant has little to fearOpens in new window ]

Meta claims the DPC erred in law and acted outside of its powers in arriving at the decisions.

It claims the DPC had regard to information that was irrelevant when it arrived at its decisions against Meta.

It claims the DPC gave too much consideration to instructions made by the European Data Protection Board (EDPB) which, it is claimed, unlawfully instructed its Irish counterpart to increase the fines imposed on Meta.

It is also claimed the DPC acted outside of its powers by expanding its investigation beyond the scope of the complaints and had regard for material other than what it had gathered in the inquiry process.

The decision was made in breach of the requirements of fair procedures, due process and the right to a defence, it is claimed.

The proceedings are against the DPC, Ireland and the Attorney General.

In his submissions to the court, Mr McGrath said similar cases have been brought by his clients against the DPC before the Irish and European Courts.

These proceedings may take some time to be determined and finalised, counsel said.

In both applications, the NOYB European Centre for Digital Rights, which made the complaints with the DPC that resulted in the fines, have been added as a notice party.

Brian Kennedy SC, for WhatsApp, said his client’s challenge has been brought on similar grounds to Meta’s.

The applications came before Mr Justice Charles Meenan on Monday.

While only the applicants were in court and notified of the applications, the judge gave them permission to pursue their challenges. The matters will return to court next month.