Photo by mundissima / Shutterstock.com
In a recent development, the European Data Protection Board (EDPB) has extended the temporary ban on targeted advertising on Meta platforms, including Facebook and Instagram, to the whole of the European Economic Area, which was initially imposed by the Norwegian regulators (Datatilsynet) in July.
The ban resulted from concerns that Meta, the parent company of Facebook and Instagram, was engaging in behavioural advertising without proper consent from users.
Behavioural advertising involves using people’s preferences, information posted on Facebook and Instagram, and location data to create personalised profiles for targeted advertising. The Norwegian DPA raised the alarm in July, leading to the temporary ban.
The EDPB’s urgent binding decision, issued on October 27th, instructs the Irish DPC to prohibit data collection for behavioural advertising across the European Economic Area (EEA) within two weeks. Meta has been granted one week to comply once the Irish DPC evaluates Meta’s proposal to apply a consent-based approach to data processing.
The Norwegian DPA had emphasised that Meta’s business model and use of personal data breach European privacy regulations. Although Meta has promised to seek user consent for behavioural marketing in the future, no changes have been implemented yet.
In March, Meta agreed to let European users opt out of Instagram and Facebook tracking.
Meta and the European regulators have often been at the loggerheads on behavioural advertising, with Meta being on the receiving end most of the time. In December 2022, the Irish regulators imposed a fine of €390 million ($438 million) on Meta for illegal behavioural advertising and forcing users to consent to data collection by Meta platforms. Meta contested the fine on the basis that it lacks a strong regulation.
The European Court of Justice (ECJ) further found that Meta’s approach to behavioural advertising was non-compliant with EU regulations, despite the Irish DPC’s order to bring its data processing operations into the ambit of GDPR within three months.
In a separate incident, Meta was fined €265 million ($275.5 million) in November 2022 for a data leak affecting 533 million accounts.
In January this year, Meta announced that it will now limit advertisements shown to teens on its various platforms.
In June, the European Parliament and the Council of the EU reached a provisional agreement for the new Data Act, giving European users more control over their data.
Extending the ban on targeted advertising is part of ongoing efforts to ensure compliance with data protection and privacy regulations within the European Union, with Meta facing substantial financial penalties for its non-compliance.
In the News: Apple’s Scary Fast event summarised in 15 points