In a pivotal decision, the European Data Protection Board (EDPB) has agreed to extend a ban originally imposed by non-EU member Norway on “behavioral advertising” on Facebook and Instagram. This ban, which targets users by harvesting their data for personalized advertising, will now cover all 30 countries in the European Union and the European Economic Area.
The move represents a significant setback for Meta Platforms, the U.S. tech giant that owns these two social media services, as it has consistently opposed efforts to restrict this practice.
The Norwegian data regulator, Datatilsynet, had previously imposed daily fines on Meta since August 7 for breaching user privacy by utilizing their data, including location and browsing behavior, for advertising purposes – a common business model among major tech companies. Notably, the ban on such advertising comes with the risk of Meta facing fines of up to 4% of its global turnover, as warned by the Norwegian data regulator.
The EDPB’s decision instructs the Irish data regulator, where Meta’s European headquarters are located, to implement a permanent ban on the company’s use of behavioral advertising within two weeks. The ban encompasses the processing of personal data for behavioral advertising on the legal bases of contract and legitimate interest throughout the entire European Economic Area.
Meta responded by announcing its commitment to give users in the EU and the EEA the opportunity to consent and, in November, it plans to offer a subscription model to comply with regulatory requirements. A company spokesperson noted, “EDPB members have been aware of this plan for weeks, and we were already fully engaged with them to arrive at a satisfactory outcome for all parties. This development unjustifiably ignores that careful and robust regulatory process.”
It’s worth mentioning that since the ban’s inception in Norway, Meta has been subject to daily fines of 1 million crowns (approximately $90,000) for infringing on users’ privacy by using their data for advertising purposes. In September, Datatilsynet referred this ongoing fine to the European regulator, given that it was applicable only within Norway. Although this fine is set to expire on November 3, Meta now faces the prospect of much more substantial financial penalties. According to Tobias Judin, the head of Datatilsynet’s international section, non-compliance with the EU/EEA-wide ban could result in sanctions of up to 4% of Meta’s global turnover, as per the General Data Protection Regulation (GDPR), the EU’s framework for information privacy.
While Norway is not an EU member, it is part of the European single market, making this decision impactful across the continent. The ban affects approximately 250 million Facebook and Instagram users in Europe, as confirmed by Datatilsynet. This development underscores the ongoing global scrutiny and regulatory challenges faced by tech giants regarding data privacy and advertising practices.
