Meta, the parent company of Facebook and Instagram, has been issued two substantial financial penalties totaling $414 million by the Irish Data Protection Commission (DPC) due to violations of the European Union's General Data Protection Regulation (GDPR).

The DPC found that Meta's advertising and data handling practices were in violation of EU privacy laws and ordered the company to pay a fine of €210 million (~$222.5 million) for GDPR violations and a fine of €180 million for GDPR violations by Instagram.

These penalties are in addition to a series of other privacy fines received by Meta in Europe in 2022, including a €265 million penalty for a Facebook data-scraping breach, a €405 million penalty for an Instagram violation of children's privacy, a €17 million penalty for several historical Facebook data breaches, and a €60 million penalty over Facebook cookie consent violations, totaling €747 million in publicly disclosed EU data protection and privacy fines.

In addition to the financial penalties, the DPC has also ordered Meta to bring its data processing operations into compliance with the GDPR within three months, including obtaining user consent for behavioral ads and refraining from profiling and targeting users who do not consent to surveillance ads.

Meta plans to appeal the ruling, stating that it believes it fully complies with GDPR by relying on "contractual necessity" for behavioral ads. The decision does not amount to a ban on personalized advertising, and businesses can continue to use Meta's platforms to target users with ads.