The Facebook owner’s lead data protection watchdog in the region, the Irish Data Protection Commission (DPC), announced today that it’s adopted final decisions on two of these long-running enquiries — against Meta owned social networking site, Facebook, and social photo sharing service, Instagram.These new sanctions add to a pile of privacy fines for Meta in Europe last year — including a €265M penalty for a Facebook data-scraping breach; €405M for an Instagram violation of children’s privacy; €17M for several historical Facebook data breaches; and a €60M penalty over Facebook cookie consent violations — making for a total of €747M in (publicly disclosed) EU data protection and privacy fines handed down to the adtech giant in 2022.The decision also ensures a level playing field with other advertisers that also need to get opt-in consent.” Given how central Meta’s tracking and targeting ad model remains to its business, the tech giant is extremely likely to appeal the decisions — and if it does that it could open up fresh delays while legal arguments against the now ordered enforcement play out in the courts.In particular, this subset of CSAs took the view that Meta Ireland should not be permitted to rely on the contract legal basis on the grounds that the delivery of personalised advertising (as part of the broader suite of personalised services offered as part of the Facebook and Instagram services) could not be said to be necessary to perform the core elements of what was said to be a much more limited form of contract.“Facebook and Instagram are inherently personalised, and we believe that providing each user with their own unique experience – including the ads they see – is a necessary and essential part of that service,” Meta writes."