Norway wants to impose a permanent ban on Facebook’s data collection. It wants to extend this ban to the rest of Europe through the European Data Protection Board (EDPB). Do the changes in Meta’s ad policy still violate European laws?
Norwegian watchdog Datatilsynet does not appear to be done with Facebook. Several months ago, it threatened a fine if Meta, the company behind Facebook, continued unauthorized data collection for targeted ads. The fine enforced an amount of 89,000 euros for each day the practices continued.
The fine, however, holds an end date of Nov. 3. The date is getting closer, so Datatilsynet wants to see what permanent actions it can take against Meta from then on. Talks with the European Data Protection Board (EDPB) already took place. Norway is using that route to extend the action it will take to the rest of Europe.
Collecting sensitive data
Facebook’s advertising practices are considered a major privacy violation by Norway because the data collected also deals with sensitive data. This includes, for example, race, ethnicity, religion and sexual orientation. The country’s watchdog takes these findings from the decision of the Court of Justice of the European Union, in which it determined that Meta has no legal basis to show its users personalized ads.
In the case, the Court found that the practices violated the GDPR. Meta responded not much later with a new privacy policy. In it, users are given the choice of whether to allow personalized ads.
Read also: Meta will ask permission for personalized advertising in the EU after all
Meta responds indignantly to The Register, “as Meta has already committed to moving to the legal basis of consent for advertising in the EU/EEA.” However, there is also something to be said for Datatilsynet’s position. After all, users who consent to the personalized ads continue to cede sensitive information to Meta.
Moreover, Meta already appears to be tinkering with its consent options. The Wall Street Journal knows that the social media conglomerate in Europe is experimenting with paid subscriptions for Instagram and Facebook to make the social media platforms ad-free. A company spokesman detailed the following about the plans that the company believes in “free services supported by personalized ads” but is looking at “options to ensure we are in line with evolving regulatory requirements.” If paying is the only option to escape from personalized ads, the concept of consent is once again put into a different perspective.
Part of DSA
Norway hopes to extend sanctions to the rest of Europe, but it is unclear whether any practices can currently be considered privacy violations. The data Facebook collects are either way part of the Digital Services Act (DSA), a set of European rules designed to guarantee European users a safe online environment. According to this law, it is no longer allowed to determine target groups based on personal data such as sexual orientation and political preferences. Every personalized advertisement you see must also indicate which factor determines that you see it.
Through the DSA, Europe can levy fines of up to six percent of the annual revenue generated by the offending company. This legislation is currently already in place for 19 comprehensive platforms and search engines, including Meta.
Playing with the rules
It remains to be seen if Meta has stopped collecting data from European users in the meantime or if a fine through the DSA is forthcoming. It is also possible that the system has already been tweaked and only collects personal data that is not part of the recent legislation. How the authorities will react to the enforcement of paying not to see personalized ads remains to be seen.
Personalized ads are not illegal in their entirety, by the way, and to be in compliance with the GDPR is, in most cases, a matter of asking for users’ consent. This way, Google, for example, can unleash the Chrome Privacy Sandbox on all Chrome users, despite the fact that experts also see the alternative to third-party cookies as a form of privacy violation.
Also read: What is the Google Chrome Privacy Sandbox?
2 days ago
