Datatilsynet, Norway’s Data Protection Authority, will temporarily ban behavioural advertising on Meta platforms Facebook and Instagram due to privacy violations.
The ban will apply from August 4 and last for three months – or until the US giant addresses the legal requirements. If Meta doesn’t take action, it risks a fine of up to €88,600 per day.
The decision follows the latest ruling by the EU’s Court of Justice (CJEU), which deemed Meta’s behavioural advertising practices incompatible with the GDPR.
As the name suggests, behavioural advertising displays targeted ads to individuals by observing their online behaviour. Companies who employ it use data collection, tracking, and profiling to paint a detailed picture of people’s lives, personalities, and interests.
“Invasive commercial surveillance for marketing purposes is one of the biggest risks to data protection on the internet today. Users must have sufficient control over their own data, and any tracking must be limited” said Tobias Judin, head of Datatilsynet’s International Sector.
“The Norwegian Data Protection Authority’s decision does not ban Facebook or Instagram in Norway. The purpose is rather to ensure that people in Norway can use these services in a secure way and that their rights are safeguarded,” Judin added.
According to the authority, there are numerous risks lurking in behavioural advertising. These range from limited freedom of expression and discrimination to tampering with democratic practices. With 82% of adult Norwegians having a Facebook account, and 65% using Instagram, Datalisynet decided urgent action was needed.
Moving forward, the regulator may take the matter to the European Data Protection Board (EDPB), to decide whether the ban can be extended beyond the initial three months. According to Datalisynet, Meta disagrees with the assessment and holds the right to appeal in court.
Following the CJEU’s ruling, the Norwegian body is the first European data privacy authority to restrict Meta’s ad-fueled business. It remains to be seen whether this will have a ripple effect across the continent, adding to Zuckerberg’s GDPR nightmares.