Norway has succeeded in getting the European Data Protection Board (EDPB) to make permanent and extend across Europe its ban on Meta (Facebook’s parent company) harvesting user data for targeted ads on Facebook and Instagram.
Back in July, Norway had banned this data collection after a European Court of Justice ruling that Meta’s practices also collected protected data like race, religion, and sexual orientation. Meta disputed that it needed explicit consent, arguing that agreeing to terms of service was enough, but courts rejected this.
Despite Norway imposing fines of over $98,000 per day since August over noncompliance, Meta continued to dispute the ban, arguing it was invalid.
However, the EDPB has now agreed with Norway’s assessment. In a new binding decision, it has instructed the Irish Data Protection Authority to place a permanent ban on Meta’s European headquarters in Ireland from processing user data for targeted advertising without explicit consent.
Once implemented, this ban will extend across the entire EU/EEA region and impact over 250 million active Facebook and Instagram users. Norway has argued that “enough is enough” after years of Meta violating basic privacy protections despite clear orders to stop.
While Meta has claimed it will start seeking direct user consent for behavioral ads in the EU, EEA, and Switzerland, critics doubt whether its proposed consent methods are legal. Norway pushed for an EU-wide ban to prevent Meta from continuing infringements while it looks for loopholes.
This latest ruling represents a major development in ongoing tensions between European privacy regulations like GDPR and Meta’s ad-targeting business model that depends heavily on user data collection. It remains to be seen how Meta will adapt its practices to comply, but European regulators have sent a strong message in favor of user privacy over corporate interests.
Meta’s response and impact
As European regulators have ramped up enforcement of privacy rules, Meta has been forced to dramatically alter its practices to comply.
Most notably, the company announced in October 2023 that it will introduce paid subscription options for Facebook and Instagram in the EU. For a monthly fee of €9.99 on desktop or €12.99 on mobile, users can continue using the services without targeted ads based on their data.
This shift represents a major concession from Meta’s longstanding ad-supported business model. The company acknowledged it still believes in “an ad-supported internet,” but said it respects the evolving European regulations.
In addition, Meta will temporarily stop showing ads to users under 18 altogether while it evaluates the impact of new EU digital rules prohibiting targeted ads for minors based on online profiling.
While these changes only apply in Europe for now, they illustrate how regulatory pressure can curtail Big Tech’s data collection and force new business approaches.
Meta has argued its new subscription fees comply with the recent EU court ruling that social media companies can charge for ad-free options. However, regulators have questioned whether the prices are too high to give users a real choice.
It remains to be seen how Meta will balance its massive advertising revenue, which reached over $113 billion last year, with satisfying European privacy expectations. But the company is clearly on the defensive as regional regulators flex their muscles.
