DUBLIN: Social media giant Meta has been fined an additional 5.5 million euros ($5.9 million) for violating EU data protection regulations with its instant messaging platform WhatsApp, Ireland’s regulator announced Thursday.
The penalty follows a far larger 390-million-euro fine for Meta’s Instagram and Facebook platforms two weeks ago after they were found to have flouted the same EU rules.
In its new decision, the Irish Data Protection Commission (DPC) found the group acted “in breach of its obligations in relation to transparency,” the watchdog said in a statement.
In addition, Meta relied on an incorrect legal basis “for its processing of personal data for the purposes of service improvement and security,” the DPC added, giving the group six months to comply.
The fine was imposed by the Irish regulator because Meta — along with other US tech firms — has its European headquarters in Dublin.
In response on Thursday, Meta said it was opposed to the DPC decision and would look to overturn it.
“We strongly believe that the way the service operates is both technically and legally compliant,” a WhatsApp spokesperson said.
“We disagree with the decision and we intend to appeal.”
The breaches are similar to those explained in the regulator’s action against Meta earlier in January.
But the earlier decision also accused the Meta platforms of breaking rules over the processing of personal data for the purpose of targeted advertising.
In that instance the company, co-founded by social media magnate Mark Zuckerberg, was given only three months to respond to comply with the Irish regulator.
Meta announced its intention to appeal the 4 January decision, adding the regulatory ruling did not prevent targeted or personalized advertising.
The DPC said its more recent fine was considerably less because of a 225 million euro fine imposed on WhatsApp for “for breaches of this and other transparency obligations over the same period of time.”
Thursday’s Whatsapp fine was also far lower because it did not relate to targeted advertising.
The Irish regulator had fined Meta 405 million euros in September for failures in handling the data of minors, and 265 million euros in November for not sufficiently protecting users’ data.
This latest round of fines follows the adoption of three binding decisions by the European Data Protection Board (EDPB), the EU’s data protection regulator, in early December.
The Vienna-based privacy group NOYB, which brought the three complaints against Meta in 2018, had accused the social media behemoth of reinterpreting consent as a civil law contract, which stopped users from refusing targeted advertising.
In reaction to Thursday’s news, NOYB criticized the “tiny” size of the latest fine — and slammed the DPC for ignoring how WhatsApp shares data within the group for advertising purposes.
“We are astonished how the DPC simply ignores the core of the case after a 4.5-year procedure,” said NOYB founder Max Schrems.
In October 2021, the Irish authority had proposed a draft decision that validated the legal basis used by the group and suggested a fine of up to 36 million euros for Facebook and up to 23 million euros for Instagram, over their lack of transparency.
France’s CNIL regulator and other European bodies disagreed with the draft sanction, which they considered to be far too low.
They asked the EDPB to judge the dispute with the EU data regulator deciding in their favor.
The EDPB has also asked the Irish regulator to investigate Meta’s use of personal data.
However in its statement the DPC pushed back saying the EU body does not have the power to “direct an authority to engage in open-ended and speculative investigation.”
The regulator said it will seek to annul the EDPB’s request before the European Union’s Court of Justice.
Meta slapped with 5.5 mn euro fine for EU data breach
https://arab.news/p9nwz
Meta slapped with 5.5 mn euro fine for EU data breach
- Penalty follows a far larger 390-million-euro fine for Meta’s Instagram and Facebook platforms earlier in January
- DPC said Meta acted “in breach of its obligations in relation to transparency”
Grok faces more scrutiny over deepfakes as Irish regulator opens EU privacy investigation
- The regulator says Grok has created and shared sexualized images of real people, including children. Researchers say some examples appear to involve minors
- X also faces other probes in Europe over illegal content and user safety
LONDON: Elon Musk’s social media platform X faces a European Union privacy investigation after its Grok AI chatbot started spitting out nonconsensual deepfake images, Ireland’s data privacy regulator said Tuesday.
Ireland’s Data Protection Commission said it notified X on Monday that it was opening the inquiry under the 27-nation EU’s strict data privacy regulations, adding to the scrutiny X is facing in Europe and other parts of the world over Grok’s behavior.
Grok sparked a global backlash last month after it started granting requests from X users to undress people with its AI image generation and editing capabilities, including putting females in transparent bikinis or revealing clothing. Researchers said some images appeared to include children. The company later introduced some restrictions on Grok, though authorities in Europe weren’t satisfied.
The Irish watchdog said its investigation focuses on the apparent creation and posting on X of “potentially harmful” nonconsensual intimate or sexualized images containing or involving personal data from Europeans, including children.
X did not respond to a request for comment.
Grok was built by Musk’s artificial intelligence company xAI and is available through X, where its responses to user requests are publicly visible.
The watchdog said the investigation will seek to determine whether X complied with the EU data privacy rules known as GDPR, or the General Data Protection Regulation. Under the rules, the Irish regulator takes the lead on enforcing the bloc’s privacy rules because X’s European headquarters is in Dublin. Violations can result in hefty fines.
The regulator “has been engaging” with X since media reports started circulating weeks earlier about “the alleged ability of X users to prompt the @Grok account on X to generate sexualized images of real people, including children,” Deputy Commissioner Graham Doyle said in a press statement.
Spain’s government has ordered prosecutors to investigate X, Meta and TikTok for alleged crimes related to the creation and proliferation of AI-generated child sex abuse material on their platforms, Spanish Prime Minister Pedro Sánchez said on Tuesday.
“These platforms are attacking the mental health, dignity and rights of our sons and daughters,” Sánchez wrote on X.
Spain announced earlier this month that it was pursuing a ban on access to social media platforms for under-16s.
Earlier this month, French prosecutors raided X’s Paris offices and summoned Musk for questioning. Meanwhile, the data privacy and media regulators in Britain, which has left the EU, have opened their own investigations into X.
The platform is already facing a separate EU investigation from Brussels over whether it has been complying with the bloc’s digital rulebook for protecting social media users that requires platforms to curb the spread of illegal content such as child sexual abuse material.
