Meta Fighting GDPR but Losing

Norway fined Meta for its targeted advertising practices and issued a temporary ban several months ago. Now Norway has gone to the European Data Protection Board (EDPB) and asked for the ban to be made permanent and EU/EEA wide.

Since Facebook makes most of its money from targeted ads and untargeted ads fetch a dramatically lower price, they continue to fight.

But it isn’t going well for them.

The EDPB is already fining Meta $94,000 a day — which kind of gives you some insight into how much money is involved. A Meta spokesperson said that they were surprised that the EDPB wasn’t just bowing down to them.

Norway’s ban expires November 3rd, which is the reason they are asking the EDPB for a ruling.

This is in addition to the EU’s highest court, the Court of Justice of the European Union (CJEU) ruling in July that Meta was hovering up protected data like race, ethnicity, religion and sexual orientation.

Meta claimed that the users had agreed to get their data vacuumed up because they clicked on the terms of service when they signed up. Not surprisingly, the CJEU didn’t buy that argument for a number of reasons, not the least of which is that GDPR says that you have to have a clear and conspicuous option to decline that hoovering, and which you do not.

Meta says they are going to create a separate checkbox for people, but it is unclear how that would work. Are you going to have to choose between yes or yes? If so, that still does not meet GDPR requirements.

Ireland fined Meta $1.3 billion for violating GDPR. Meta still relies on Privacy Shield as a basis to transfer data, even though that was struck down by the CJEU a couple of years ago.

Bottom line, if companies like Meta can’t steal your data and then target you, they don’t have a business. That is why they are fighting this so hard.

Credit: Dark Reading, The Register and Dark Reading

by