Facebook

The Norwegian Data Protection Authority (DPA), the country's data privacy watchdog, has banned behavioral advertising on Meta's Facebook and Instagram social networks.

The ban prohibits the practice unless the company secures explicit consent from Norwegian users to process their personal data.

Meta extensively monitors the users' actions, meticulously tracking their activities across its platforms, according to the Norwegian DPA.

The company uses content preferences, the info they post on Facebook and Instagram, and their location information to build personalized profiles that simplify targeted advertising, a tactic commonly known as behavioral advertising.

"The Norwegian Data Protection Authority considers that the practice of Meta is illegal and is therefore imposing a temporary ban of behavioural advertising on Facebook and Instagram," the data protection agency said.

"The Norwegian Data Protection Authority does not ban personalised advertising on Facebook or Instagram as such. The decision does not for example stop Meta from targeting advertising based on information a user put in their bio, such as place of residence, gender and age, or based on interests a user has provided themselves."

Failure to comply with the decision would come with a daily penalty of roughly $100,000, as enforced by the Norwegian DPA.

While this is only a temporary ban of three months starting August 4th (due to the agency's limited authority), the privacy watchdog says it's considering reaching out to the European Data Protection Board (EDPB) to extend the decision beyond the initial three-month ban.

Datatilsynet Facebook behavioral ads ban tweet

€390 million behavioral advertising fine

In December 2022, the Irish Data Protection Commission (DPC) fined Meta a total of €390 million (~$438 million) for conducting illegal behavioral advertising, forcing Facebook and Instagram users to consent to personal data processing for targeted advertising.

The Irish DPC also ordered Meta to bring its current data processing operations into compliance with GDPR's regulations within the next three months.

However, despite making some changes to comply with the Irish DPC's December ruling, the Court of Justice of the European Union (CJEU) found that Meta's GDPR approach to behavioral advertising is still largely illegal.

"Since then, Meta has made certain changes, but a fresh decision from the Court of Justice of the European Union (curia.europa.eu) has stated that Meta's behavioural advertising still does not comply with the law," the Norwegian watchdog said.

"Therefore, the Norwegian Data Protection Authority is now taking action by imposing a temporary ban."

Meta's non-compliance aligns with the company's statement after being fined in December. The company rejected DPC's findings and said it would appeal the fines, blaming the decision on a "lack of regulatory clarity."

"Facebook and Instagram are inherently personalised, and we believe that providing each user with their own unique experience – including the ads they see – is a necessary and essential part of that service," Meta said.

In November, Meta was hit with another €265 million ($275.5 million) fine by the Irish data watchdog for failing to protect Facebook users' data from scrapers after data linked to 533 million Facebook accounts leaked on a hacker forum.

Related Articles:

BetterHelp to pay $7.8 million to 800,000 in health data sharing settlement

Proton launches free, privacy-focused Google Docs alternative

Polyfill.io JavaScript supply chain attack impacts over 100K sites

Chrome for Android tests feature that securely verifies your ID with sites

Tor Browser 13.5 brings Android enhancements, better bridge management