Meta, the parent company of Facebook and Instagram, is under fire from Norway’s data regulator, the Norwegian Data Protection Authority (Norwegian Data Protection Authority). The agency says that the company’s practice of tracking users across Instagram and Facebook and using that information for marketing purposes violates their privacy. If Meta doesn’t address the violations by August 4th, the company will be fined 1,000,000 NOK ($100,000 USD) each day until November 3rd, reported Politico.
The Norwegian Data Protection Authority states, “Users are profiled based on where they are, what type of content they show interest in and what they publish, amongst others. These personal profiles are used for marketing purposes – so called behavioral advertising.”
The agency’s decision comes just days after the European Unions’ top court ruled Meta cannot harvest user data for behavioral advertising. According to Tobias Judin, head of Datatilsynet’s international section, “It is so clear that this is illegal that we need to intervene now and immediately. We cannot wait any longer. It would put additional pressure on Meta.”
As part of the decision, the Norwegian Data Protection Authority has imposed a temporary ban of behavioral advertising on Facebook and Instagram in Norway. This means that Facebook and Instagram will be able to show people customized ads but only based on the information given by users in the “about” section of their profiles. If Meta does not comply with the order, they will face daily fines of 1 million Norwegian Krone (89,500). The temporary ban could be lifted if Meta finds a way to legally process personal data and give users the rights to opt out of targeted advertising based on tracking.
The Norwegian regulator is the first European privacy authority to severely restrict Meta’s data-driven business following the EU’s top court ruling and has referred its move to the European Data Protection Board to be made permanent.
The Irish Data Protection Commission is also currently scrutinizing Meta’s advertising practices. Graham Doyle, Deputy Commissioner and Spokesperson of the Irish Data Protection Commission states, “The Irish Data Protection Commission plans on making a decision on Meta’s legal basis for its targeted advertising operations “by no later than mid-August.”
In response, Matt Pollard, spokesperson for Meta, said, “The debate around legal bases has been ongoing for some time and businesses continue to face a lack of regulatory certainty in this area … We continue to constructively engage with the Irish DPC, our lead regulator in the EU, regarding our compliance with its decision. We will review the Norway DPA’s decision, and there is no immediate impact to our services.”
The Norwegian Data Protection Authority has issued a stern warning to Meta, the parent company of Facebook and Instagram, over advertising practices that it believes violated users’ privacy rights by tracking them across the platform and using that information for marketing purposes. The temporary ban that the authority imposed on behavioral advertising on Facebook and Instagram in Norway has put additional pressure on the company. If Meta fails to take action to address the violations by August 4th, they will be facing daily fines of 1 million Norwegian Krone (89,500).
The Norwegian regulator has referred its move to the European Data Protection Board for the potential for it to be made permanent as well as expanding the decision’s territorial scope in Europe. Despite being under scrutiny from the lead privacy regulator, the Irish Data Protection Commission, Meta is committed to engaging with the Commission and reviewing Norway’s order.
This latest incident is a clear sign of how closely Norway is monitoring the legal status of data protection, as they are the first European privacy authority to severely restrict Meta’s data-driven business in the wake of the European Union top court ruling.