Norway Data Protection Authority Threatens Meta with Daily $100K Fine Over User Advertising Privacy Concerns
Norway's Datatilsynet warns Meta over user advertising privacy violations. $100K daily fine risks. Learn about the implications and Meta's response.
In a bid to safeguard user privacy, Norway's data protection authority, Datatilsynet, issued a stern warning to Meta, the parent company of Facebook and Instagram, regarding advertising practices that violate data protection laws. If Meta fails to take corrective action, it could face a significant daily fine.
The root of the issue lies in behavioral advertising, a common marketing model that relies on profiling users through data collection, including physical locations. Datatilsynet deems this practice illegal when conducted without user consent, leading to the imposition of a "temporary ban" on such practices on Facebook and Instagram.
The ban, set to commence on August 4, threatens Meta with a substantial fine of up to 1 million Norwegian kroner (approximately $100,000) per day. Datatilsynet clarified that this ban would remain in effect for three months or until Meta demonstrates compliance with the law.
Tobias Judin, the head of the Norwegian Data Protection Authority's international department, emphasized that the purpose of this decision is not to ban Facebook or Instagram in Norway but rather to ensure that users can use these services securely, with their rights protected.
In response to the regulatory action, Meta conveyed that it would review Datatilsynet's decision and asserted that there is "no immediate impact" on its services. The tech giant also acknowledged the ongoing debate surrounding the legal bases of behavioral advertising and the lack of regulatory certainty in this domain. Meta disclosed that it continues to engage constructively with the Irish Data Protection Commission, its lead regulator in the EU, regarding compliance with its decisions.
Although Norway is not an EU member state, it is part of the European Economic Area (EEA). Datatilsynet referred to a December decision by the Irish Data Protection Commission, which directed Meta to align its behavioral advertising practices with European law by April. The regulator also cited a recent judgment from the EU's top court, highlighting the tech giant's non-compliance with the law.
Despite these directives, Meta has persisted with its current practices, prompting Datatilsynet to intervene urgently. The regulator fears that Meta's lack of action may result in further delays in achieving compliance.
The scope of the behavioral advertising ban may extend beyond Norway. Datatilsynet indicated that it might bring the matter to the European Data Protection Board, potentially leading to an extension of the three-month ban and broader implications across the continent.
Meta has faced persistent challenges related to data privacy. In May, the EU imposed a record $1.3 billion fine on Meta and mandated that it cease transferring users' personal information across the Atlantic by October. Additionally, the tech giant's new text-based app, Threads, has been withheld from EU rollout due to privacy concerns.
The situation reflects the growing importance of data protection and user privacy, with regulatory bodies worldwide taking proactive measures to ensure compliance and safeguard individuals' rights. As the digital landscape continues to evolve, companies like Meta must remain vigilant in upholding privacy standards and addressing the concerns of regulatory authorities and users alike.