Meta alleges DPC’s €405m Instagram fine is unconstitutional

The Irish arm of technology giant Meta has claimed before the High Court that the Data Protection Commission’s decision to fine it €405 million for breaching the privacy rights of teenagers is unconstitutional.

The DPC issued the fine last September after investigating GDPR breaches.

In judicial review proceedings aimed at overturning the fine, Meta Platforms Ireland Ltd claims certain sections of the 2018 Data Protection Act, the legislation that established the DPC, are unconstitutional.

Meta says the large fine imposed on it amounts to a criminal sanction and the administration of judicial powers by the DPC.

Fintan O'Toole: We are facing the terrifying result of the West’s three stupid mistakes in the Middle East

---

‘Ireland is a country of people who are very friendly, no shooting’

---

O’Gara’s role as pantomime villain added further fuel to Leinster fire

---

Blue Lights review: This compelling show is a rare spark in the moribund world of Irish crime television

---

The DPC is not entitled to act in this manner as it breaches aspects of the Constitution that concern the administration of justice, Meta claims.

It also alleges the decision breaches the EU Charter on Fundamental Rights and the European Convention on Human Rights, including the right to a fair hearing.

The applicant, formerly known as Facebook Ireland, is a subsidiary of the US-based Meta Platforms, which owns the platforms Facebook, Instagram and WhatsApp.

[ DPC unable to fine Facebook, Instagram on basis of profits earned from illegal data processing ]

The Irish company is the controller and service provider for Meta’s platforms in the European region.

The case arises following the DPC inquiry into Meta’s historic processing of the data of Instagram users between the ages of 13 and 17 between May 2018 and September 2020.

The probe concerned the automatic publication of teenage Instagram users’ mobile phone numbers and email addresses under default settings on the app’s “business account” service.

Instagram has since changed this default setting.

Contact data

The inquiry also concerned the processing of business contact information for all users, including teens, who chose to switch their Instagram accounts to business accounts.

The DPC is the lead supervisory authority regarding cross-border processing activities carried out by Meta.

Meta claims the DPC’s decision is unlawful, disproportionate and impaired by errors of law.

It also submits that the DPC took irrelevant matters into account when arriving at its decision.

There was also a failure by the DPC to give adequate reasons for its decision, it is further submitted.

The DPC also erred in arriving at the total amount of the fines imposed and wrongfully taking Meta’s global turnover into account.

Meta claims its turnover has not been identified as a relevant factor when such fines are being calculated.

The DPC failed to have any regard for fines imposed for comparable breaches in other inquiries, it is also submitted.

In its action against the DPC, Ireland and the Attorney General, Meta seeks an order quashing the decision of last September 2nd to issue 10 administrative fines totalling €405 million against the company.

[ EU Ombudsman seeks improvements to DPC reports to European Commission ]

It also seeks several declarations including that sections of the 2018 Data Protection Act are invalid and contrary to the Constitution, the European Convention on Human Rights and that the decision was arrived at in breach of various articles of the EU Charter of Fundamental Rights

Meta further seeks to have certain aspects of this action referred to the Court of Justice of the European Union for a preliminary ruling.

The matter came before Mr Justice Charles Meenan on Monday.

The judge, while only Meta was represented in court, gave the company permission to pursue its action.

The matter was adjourned to a date in February.