- cross-posted to:
- privacy@programming.dev
- technews@radiation.party
- cross-posted to:
- privacy@programming.dev
- technews@radiation.party
Norway Took On Meta’s Surveillance Ads and Won::Meta has long fought Europe’s demands that it get people’s consent before using their data for targeted ads. Then a Norwegian regulator threatened fines of $100,000 per day.
From the article:
Meta calls the information it compiles about how users behave across its apps “activity.” That activity might include what they say that you do on these platforms can be recorded and used for behavioral advertising purposes,” he says.
When compiled, this information can reveal incredibly personal information, potentially ranging from an individual’s musical tastes to their menstrual cycles. “These data are rather potent in the sense that they will tell you everything about a person’s online behavior and therefore also their interests, their personality,” says Tobias Judin, spokesperson for Norway’s privacy watchdog, Datatilsynet. When that information about how a user behaves online is used to inform what type of ads that person sees, it becomes what’s known as behavioral advertising. “Literally everything that you do on these platforms can be recorded and used for behavioral advertising purposes,” he says.
For years, European courts have argued that Meta cannot use this type of data for advertising unless the company asks for users’ explicit—yes or no—consent. But in July, Norway went a step further, branding the way Meta carries out behavioral advertising as illegal. The watchdog threatened to ban Meta’s behavioral ads in Norway and pledged to fine the tech giant $100,000 per day unless the company changed its ways. The ban was due to take effect on August 4; three days before that, on August 1, Meta quietly published an update to a January blog post announcing its intention to comply.
“Today, we are announcing our intention to change the legal basis that we use to process certain data for behavioral advertising for people in the EU, EEA and Switzerland from ‘Legitimate Interests’ to ‘Consent,’” the blog post read, without saying specifically when the change will take place or mentioning Norway. Meta declined WIRED’s request to comment further.
Norway is chalking this up as a victory. “While Meta states that this is a voluntary change on their end, that appears very unconvincing,” says Judin. “Asking users for consent could negatively affect the company’s earnings, and historically speaking, Meta has not been willing to sacrifice profits for privacy unless forced.” Meta said the wider Europe region generated almost a quarter of its advertising revenue in the three months leading up to June 30.
Norway’s threat was a bold move. “We normally don’t ban processing activities like this,” Judin says. But the regulator has become a new thorn in Meta’s side. Last year, the watchdog came under new leadership, with privacy lawyer Line Coll taking the helm as director. Speaking to the Norwegian business magazine Kapital in May, she suggested she was thinking about new ways to use sanctions to better protect privacy. So far, she has delivered.
However, the Norwegian order formed only the top of a very large pile of legal challenges to the way Meta deployed personalized advertising in Europe.
In response, the company has adopted different legal justifications for doing this type of advertising that did not require users’ consent. Initially it argued that behavioral ads were an essential part of its business. After that was questioned in the courts, Meta claimed a “legitimate interest” to use that information. Then, in July, the EU’s Court of Justice decided that didn’t fly unless users were asked for consent. After that, Norway’s complaint was simply the straw that broke the camel’s back.
The real root of Meta’s decision was a ruling by the European Data Protection Board in January and the EU Court of Justice case in July, says Max Schrems, who runs the influential Vienna-based privacy campaign group NOYB. However he notes that the regulator in Norway—which is part of the European Economic Area, not the EU—has become a forceful voice in trying to get Meta to comply with European tech rules. “The Norwegians are really applying the law as it is, which a lot of other DPAs [data protection regulators] don’t really do,” he says. !<
Just a heads up - if you’re in the EU or EEA, please donate to the NOYB org mentioned here. They’ve been fighting hard and with actual success for our digital rights in response to companies wringing their hands at the idea of actually respecting the GDPR and our privacy.