Meta faces €89,000 daily fine for harvesting user data to power ads
Norway is set to impose heavy fines on Meta after ruling that the social media giant’s behavioural advertising practices do not comply with its laws.
Datatilsynet, the Norwegian data protection authority, had given Meta until 4 August to submit evidence it changed its approach to harvesting geolocation data to power targeted advertising.
From 14 August the authority will fine Meta 1 million kroner per day until November 3, or until the firm complies with laws set out under GDPR as well as domestic data protection regulations. It clarified this doesn’t amount to a Facebook or Instagram ban in Norway.
Meta faces a total bill of 81 million kroner €89.282) over the fine period, but Datatilsynet reserves the right to ask the European Data Protection Board (EDPB) to extend the fine, or make it permanent.
Behavioural advertising is a method through which publishers can take advantage of user data to push individually-relevant advertising content. In December 2022 the Irish Data Protection Commission (DPC) ruled that Meta unlawfully processed user data for behavioural advertising and fined the firm €390 million.
Datatilsynet cited a July decision from the Court of Justice of the European Union (CJEU) which stated Meta hadn’t changed its policies enough to comply with the law, following the DPC ruling.
The authority said Meta tracks the interests of users and what they post to build a detailed profile on them to determine which content to show them. It contended this is an issue of freedom of information, and that such targeted advertising is “particularly problematic from a democratic perspective”.
Meta still contends its promised consent changes are in line with prior demands but could be hit with fines of a similar nature by other authorities if authorities disagree.
“Today, we are announcing our intention to change the legal basis that we use to process certain data for behavioural advertising for people in the EU, EEA and Switzerland from ‘legitimate interests’ to ‘consent’,” Meta stated on 1 August.
“This change is to address a number of evolving and emerging regulatory requirements in the region, notably how our lead data protection regulator in the EU, the Irish Data Protection Commission (DPC), is now interpreting GDPR in light of recent legal rulings, as well as anticipating the entry into force of the Digital Markets Act (DMA).”
The DPC is the designated supervisory authority when it comes to adjudicating over several big tech companies, including Meta, because they’re headquartered in Ireland. The law, however, lets the likes of Datatilsynet to impose a three-month decision for violations that are deemed sufficiently urgent.
The DPC fined Meta €265 million in November 2022 for data scraping, and a further €390 million in December over its ad targeting policies, bringing the total 12-month fine total to more than €1 billion.
Another fine came in May 2023, with Meta fined a record €1.3 billion by the DPC for breaching GDPR through data transfers to the US that were deemed insufficiently protective of citizens’ rights and freedoms.
The firm subsequently announced plans to ask EU users for their consent on targeted advertising, and that the change would take several months to implement.
Ⓒ Future Publishing
Subscribers 0
Fans 0
Followers 0
Followers