The European Data Protection Board (EDPB) has decided to extend the ban on “behavioral advertising” that was initially imposed by Norway, a non-EU member, to encompass all 30 countries within the European Union (EU) and the European Economic Area (EEA).
This decision, which came on Wednesday, poses a significant challenge to Meta Platforms, the US tech giant responsible for Facebook and Instagram; both have vehemently resisted efforts to curtail the controversial advertising practice. Under the expanded ban, Meta may face fines of up to 4 percent of its global revenue, as stipulated by the Norwegian data regulator.
The EDPB’s ruling directs the data regulator of Ireland, where Meta’s European headquarters are situated, to implement a permanent ban on the company’s use of behavioral advertising within the next two weeks, according to a statement provided to Reuters.
The decision, which the EDPB describes as an “urgent binding decision,” effectively prohibits the processing of personal data for behavioral advertising throughout the entire European Economic Area based on the legal foundations of contracts and legitimate interests.
In response to the EDPB’s decision, Meta announced its intention to provide users in the EU and EEA with the option to consent to behavioral advertising and plans to introduce a subscription-based model in November to adhere to regulatory requirements.
A spokesperson from Meta emphasized that the company had been actively engaging with EDPB members for several weeks and expressed disappointment over the decision, claiming it ignores the careful and robust regulatory process Meta had already initiated.
Notably, since August 7, Meta has been facing daily fines in Norway amounting to 1 million crowns (equivalent to $90,000) due to privacy violations stemming from the use of user data, including location and browsing behavior, for advertising purposes—a practice commonly employed by major tech companies.
Datatilsynet, the Norwegian data regulator, referred the ongoing fine to the European regulator in September, as it was only enforceable within Norway. Although this particular fine is set to expire on November 3, Meta potentially faces more substantial financial penalties. According to Tobias Judin, the head of Datatilsynet’s international section, non-compliance with the EU/EEA-wide ban could result in GDPR (General Data Protection Regulation) violations, which carry the possibility of fines of up to 4 percent of the company’s global turnover.
It’s important to note that Norway, while not an EU member, is part of the European single market, and this decision impacts approximately 250 million Facebook and Instagram users across Europe, as confirmed by Datatilsynet.