The Norwegian Data Protection Authority has imposed a temporary ban on Meta’s targeted advertising that relies on the collection of users’ personal data, Politico wrote on Monday, July 17th. The country hopes that, by threatening hefty fines, it could force the Silicon Valley tech giant to finally comply with European data protection laws.
The so-called “behavioral advertising” that Meta’s Facebook and Instagram are engaged in relies on the processing of private and sensitive personal information that’s being gathered by tracking users’ online activity and estimated locations.
After the ban on (overly) personalized ads kicks in on August 4th, Meta will only be able to use the data users willingly disclose on their profiles, but not their searches or interactions. Non-compliance with the ruling will result in a fine of 1 million Norwegian Krone (nearly €90,000) per day.
The ban on targeted advertising will last for three months initially, with long-term measures being prepared by Oslo in cooperation with EU data regulators. The ban could be lifted at any moment if Meta fulfills certain criteria, such as giving users the option to turn personal data harvesting off and finding a legally acceptable way of processing the data.
The move comes after the EU Court of Justice (ECJ) ruled earlier this month that Meta’s data harvesting and processing practices are illegal under the EU’s data protection law (GDPR), which Oslo enforces as well, despite Norway not being an EU member state. Two months prior, the EU also slapped Meta with a fine of €1.2 billion, the heftiest penalty ever imposed on a tech firm, for the same reasons.
At that point, the company had already been fined €390 million by the Irish Data Protection Commission, which oversees Meta GDPR compliance in the entire EU since the company is headquartered in Dublin. In January, the IDPC ordered Meta to find legal ways for data processing, which the tech giant appealed and is now awaiting a second decision on.
But despite the ECJ ruling and record fines, Meta does not seem to care. That’s why Oslo didn’t wait around for the EU regulators’ upcoming decision in mid-August but moved to end illegal data harvesting on its own first with a temporary measure.
“The persistent state of non-compliance [with GDPR] demands immediate action to protect the rights and freedoms of European data subjects,” the Norwegian agency argued in the order.
Meta itself, however, is not really concerned. According to Matt Pollard, the company’s spokesman, Meta “will review the Norway DPA’s decision, and there is no immediate impact to our services.”
Norway might be the first European country to actually ban behavioral advertising, but certainly not the last. As soon as the Irish DPA publishes its findings in August, the EU could issue a similar ban bloc-wide.
