E.U. regulators have invalidated Meta’s contract requirement that Facebook, Instagram and WhatsApp users allow the company to use their personal data without consent, fining the company $428 million. The regulators’ decisions, published January 11 and 19, reject the common business model of providing a free internet service in exchange for users’ activity data. The Meta case also exposes intensifying disputes among the E.U. regulators, with Ireland’s Data Protection Commission announcing that it will sue the bloc’s top data protection board to annul one binding order for further proceedings. This article examines the decisions' impact on data collection under GDPR, the dueling regulator positions, and the key compliance implications for companies, and includes insights from GDPR specialists at DLA Piper, Ropes & Gray and Wallace. See “Two European Regulators Warn Behavioral Advertising Skates on Thin Ice” (Jan. 19, 2022).