Norwegian Data Protection Authority has ordered Meta, the parent company of Facebook and Instagram, to cease tracking users in Norway for personalised advertising purposes.
The ban, set to take effect from August 4, will last for three months and halt what the Norwegian agency describes as the “highly opaque and intrusive monitoring and profiling operations” employed by Meta’s advertising practices.
Under the ban, Facebook and Instagram will only be allowed to display customised ads to users based on the information voluntarily provided in the “About” section of their profiles. Failure to comply with the order could result in Meta facing daily fines of one million Norwegian Krone or €89,500, reported Politico.
The Norwegian regulator’s decision follows a recent ruling by the Court of Justice of the European Union, which found Meta guilty of unlawfully collecting user data without explicit consent and leveraging it for targeted advertising based on the company’s “legitimate interest”.
Meta is already under scrutiny by its lead privacy regulator, the Irish Data Protection Commission, which imposed a fine of €390 million on the tech company for privacy violations. The Irish regulator has demanded that Meta establish a new legal basis for its business model and plans to decide on the matter by mid-August.
Notably, the Norwegian Data Protection Authority’s action marks the first instance of a European privacy authority severely limiting Meta’s data-driven operations following the EU court ruling. The agency also intends to seek an urgent binding decision from the European Data Protection Board to determine the final measures.
In response to the ban, Meta’s spokesperson, Matt Pollard, acknowledged the ongoing debate surrounding legal bases and the need for regulatory clarity. He stated that Meta continues to engage with the Irish Data Protection Commission and that there will be no immediate impact on their services due to the Norwegian decision.
The Irish Data Protection Commission has consulted with other European authorities regarding Meta’s compliance with the General Data Protection Regulation (GDPR) for targeted advertising. These authorities have until July 27 to submit their assessments to the Irish DPC.
It seems like Meta and Europe are not getting along very well. In May, Meta was fined $1.3 billion over US data transfer. After three heavy fines in Europe, Meta reported that its EU users can opt out of Instagram and Facebook tracking.
EU has not been kind to Google either. Last month, the EU filed an antitrust complaint against Google’s advertising business. EU is certainly setting precedence on effectively protecting its citizens’ privacy.