The European Data Protection Board (EDPB) has instructed Ireland’s privacy watchdog to impose a ban on Meta’s processing of personal data for behavioral advertising throughout the European single market.
This decision follows a request from Norway’s Data Protection Authority, Datatilsynet, to extend Norway’s countrywide ban on Meta’s processing of personal data to the entire European Economic Area (EEA).
The EDPB clarified in December 2022 that Meta’s end-user contract is not a suitable legal basis for the processing of personal data for behavioral advertising. The DPA found that Meta has failed to comply with orders imposed at the end of 2022.
Meta has argued that its Terms & Conditions contract, which users of its services accept, represents a valid legal basis to process personal data and deliver behaviorally targeted ads. However, European courts have disagreed. Under the 2018 European General Data Protection Regulation, people must give specific consent before they’re presented with personalized ads.
In response to the EDPB’s data collection ban, Meta announced a no-ads subscription option for those in EU, EEA and Switzerland. Despite this, Meta expressed surprise at the EDPB’s decision and plans to challenge it.
This is not the first time Meta has faced scrutiny over its data practices. Earlier this year, Meta was fined €390m euros (£346m) by the Irish Data Protection Commission (DPC) for breaking EU data rules. The DPC stated that the way Meta asked permission to use peoples’ data for ads on Facebook and Instagram was unlawful.
