The European data regulator has agreed to extend Norway’s ban on behavioral advertising on Facebook and Instagram. The goal is to cover all 30 countries in the European Union and the European Economic Area, reports Reuters.
The ban on such advertising, which targets users by collecting their data, is a hurdle for US tech giant Meta Platforms, owner of the two social media services.
If it doesn’t comply, Meta risks being fined up to 4% of its global turnover, the Norwegian data regulator said.
The decision by the European Data Protection Board (EDPB) is an instruction to the data regulator of Ireland, where Meta’s European headquarters are located, to impose a permanent ban on the company’s use of behavioral advertising for up to two weeks, the EDPB said in a statement to Reuters.
On 27 October, the EDPB adopted an urgent binding decision to impose a ban on the processing of personal data for behavioral advertising on the legal grounds of contract and legitimate interest throughout the European Economic Area,” it said.
On Wednesday, Meta said it would give users in the EU and EEA the option to opt-in or not, and would offer a subscription model in November to meet regulatory requirements.
“EDPB members have been aware of this plan for weeks and we are now fully engaged with them to achieve a satisfactory outcome for all parties,” a company spokesman said.
“This development unjustifiably ignores this careful and robust regulatory process.”
Since August 7, Meta has been subject to daily fines in Norway – 1 million kroner ($90,000) per day – for violating users’ privacy by using their data, such as locations or browsing behavior, for advertising – a business model that is common to large technology companies.
Norway’s data regulator (Datatilsynet) said in September that it had referred the current fine to the European regulator because it was only valid in Norway.
That fine will expire on November 3, but Meta risks a much heavier financial penalty, according to Tobias Yudin, head of Datatilsynet’s international department.
As we will now receive a permanent ban, failure to comply with the EU/EEA-wide ban would in itself be a breach of the GDPR, punishable by up to 4% of global turnover,” Yudin told Reuters.
The General Data Protection Regulation (GDPR) is the EU’s rules on information privacy.
Norway is not a member of the EU, but is part of the single European market.
The decision affects around 250 million Facebook and Instagram users in Europe, Datatilsynet said.