Italian Competition Authority: a sanction of EUR 3.5 million to Meta for unfair commercial practices

The Italian Competition Authority has imposed a EUR 3.5 million fine on Meta Platforms Ireland Ltd. and its parent company, Meta Platforms Inc., for engaging in two unfair commercial practices related to the registration and management of Facebook and Instagram accounts.

The Authority found that Meta violated Articles 20, 21, and 22 of the Consumer Code by failing to provide clear information to users about the collection and use of their personal data for commercial purposes during the Instagram registration process via the web. This omission left users uninformed about how their data would be utilized for advertising and other commercial activities.

Additionally, the Authority determined that Meta did not adequately handle the suspension of Facebook and Instagram accounts, which is a breach of Article 20 of the Consumer Code. Specifically, Meta did not clarify whether account suspensions were the result of automated processes or human review. Furthermore, the company failed to inform users about their options for contesting suspensions, such as appealing to an out-of-court dispute resolution body or a judge, and imposed a restrictive 30-day deadline for consumers to challenge suspensions.

In response to these findings, Meta has ceased the unfair practices during the course of the proceedings.

CAIDP EUROPE applauds the action of the Italian Competition Authority. This rapid intervention is particularly commendable given the challenges faced by some data protection authorities (DPAs), who may be obstructed by jurisdictional issues—Meta Platforms is incorporated in Ireland, making the Irish DPA the lead supervisory authority. Coordination among DPAs can take time, but the Italian Authority's swift action ensures immediate consumer protection.

Furthermore, the EUR 3.5 million fine represents an effective sanction, underscoring the importance of transparency and consumer rights in the digital age. This ruling highlights the necessity for companies to provide clear and accessible information regarding data use and account management policies, setting a precedent for other regulatory bodies to follow.