Meta has been hit with fines totaling 390 million euros ($413 million) for breaching European Union (EU) personal data laws on Facebook and Instagram, Ireland's data regulator said on Wednesday.

The Data Privacy Commissioner (DPC) said both platforms must reassess the legal basis on which they run advertising based on personal data.

Its statement said that Meta breached "its obligations in relation to transparency" and used an incorrect legal basis "for its processing of personal data for the purpose of behavioural advertising."

The order on how both social media companies run advertising was made in December by the EU's privacy watchdog, which overruled the Irish regulator's draft decision on that issue.

It related to a 2018 change in the terms of service at Facebook and Instagram, made following the introduction of new EU privacy laws, in which Meta sought to rely on the so-called "contract" legal basis for most of its processing operations.

Having previously relied on the consent of users to the processing of their personal data for targeted advertising, Meta instead considered that a contract was entered into upon acceptance of the updated 2018 terms and that this made such advertising lawful.

The DPC, which is the lead privacy regulator for many of the world's largest technology companies within the EU, directed Meta to bring its data processing operations into compliance within three months.

The penalties brought the total fines levied against Meta to date by the DPC to 1.3 billion euros ($1.38 billion). It currently has 11 other inquiries open into Meta services.

The DPC said that as part of its decision, the EU's privacy watchdog had purported to direct the Irish regulator to conduct a fresh investigation that would span all of Facebook and Instagram's data processing operations.