LONDON (AP) — European Union regulators on Wednesday slapped Facebook parent Meta with hundreds of millions in fines for privacy violations and barred the company from forcing users in the 27-nation bloc to accept personalized ads on Facebook. based on your online activity.

The Irish Data Protection Commission imposed two fines totaling 390 million euros ($414 million) in its decision in two cases that could shake up Meta’s business model of targeting users with ads based on what they do online. The company says it will appeal.

A decision in a third case involving Meta’s WhatsApp messaging service is expected later this month.

Meta and other Big Tech companies have come under pressure from the European Union’s privacy rules, which are some of the strictest in the world. Irish regulators have already slapped Meta with four other fines for data privacy breaches since 2021 that total more than 900 million euros and have a large number of other cases open against various Silicon Valley companies.

Meta is also facing regulatory headaches from EU antitrust officials in Brussels flexing their muscles against the tech giants: They accused the company last month of misrepresent competition in classified ads.

The Irish watchdog, Meta’s main European data privacy regulator because its regional headquarters are in Dublin, fined the company €210 million for breaches of EU data privacy rules involving Facebook. and an additional 180 million euros for infringements involving Instagram.

The decision stems from complaints filed in May 2018 when the 27-nation bloc’s privacy rules, known as the General Data Protection Regulation, or GDPR, went into effect.

Previously, Meta relied on obtaining informed consent from users to process their personal data and show them personalized or behavioral ads, which are based on what users search for online, the websites they visit, or the videos they watch. click.

When the GDPR came into force, the company changed the legal basis under which it processes user data by adding a clause to the ads’ terms of service, forcing users to agree that their data could be used. That violates EU privacy rules.

The Irish watchdog initially sided with Meta but changed its position after its draft decision was sent to a board of EU data protection regulators, many of whom opposed it.

In its final decision, the Irish watchdog said Meta «is not entitled to rely on the legal basis of ‘contract'» to run behavioral ads on Facebook and Instagram.

Meta said in a statement that «we strongly believe our approach is GDPR compliant and are therefore disappointed by these decisions and intend to appeal both the content of the rulings and the fines.»

Meta has three months to ensure that its «processing operations» comply with EU rules, although the ruling does not specify what the company must do. Meta noted that the decision does not prevent it from displaying personalized ads, it only covers the legal basis for handling user data.

Max Schrems, the Austrian lawyer and privacy activist who filed the complaints, said the ruling could deal a big blow to the company’s profits in the EU because «now you have to ask people if they want their data to be used for advertising or not». ” and they can change their mind at any time.

“The decision also ensures a level playing field with other advertisers who also need to obtain opt-in consent,” he said.

Making changes to comply with the decision could increase costs for a company already facing growing business challenges. Goal reported two straight quarters of declining revenue as ad sales fell due to competition from TikTok, and laid off 11,000 workers amid broader tech industry woes.