The European Commission (EC) on Friday said it needs more information from Facebook and Instagram parent company Meta to assess its compliance with applicable privacy and security laws in the European Union (EU).
The EC, in a statement, said Meta also needs to speed up its responses to requests in December for information, which centered on election information, terrorism and the protection of minors. The company has until March 15 to provide that information, with the new info about Meta’s pay-to-opt-out-of-tracking program due March 22.
The EC noted that, like all companies doing business in the EU and subject to the Digital Services Act, Meta could be subject to hefty fines for providing incomplete information or missing deadlines. European data protection authorities have levied heavy GDPR fines against a range of businesses, not just social media giants.
“The present [request for information] builds on Meta's previous replies and asks additional information concerning the methodology underlying Meta's risk assessment and mitigation measures reports, the protection of minors, elections and manipulated media,” the EC said. “The RFI also requests Meta to provide information related to the practice of so-called shadow banning and the launch of Threads.”
The Digital Services Act was approved in April 2022. It governs how internet companies must manage user data, how they are allowed to use that data to target advertising, and steps they must take to police illicit or deceptive content.
“It will ensure that the online environment remains a safe space, safeguarding freedom of expression and opportunities for digital businesses,” EC president Ursula von der Leyen said in a statement at the time.
The latest request for information aimed at Meta comes a day after eight consumer protection watchdog groups in the EU filed complaints against the company for its opaque data collection and processing policies. The complaints, filed with national data protection authorities, accuse Meta of violating the GDPR, abusing its dominant market position to misuse customer information, and making merely superficial changes to its privacy policy instead of actually complying with the law.
European authorities have long had Meta in their sights, having fined the company more than $2 billion since the GDPR took effect in 2018.