Meta's Behavioral Ads Will Finally Face GDPR Privacy Reckoning In January (techcrunch.com) 8
An anonymous reader quotes a report from TechCrunch: Major privacy complaints targeting the legality of Meta's core advertising business model in Europe have finally been settled via a dispute resolution mechanism baked into the EU's General Data Protection Regulation (GDPR). The complaints, which date back to May 2018, take aim at the tech giant's so-called forced consent to continue tracking and targeting users by processing their personal data to build profiles for behavioral advertising, so the outcome could have major ramifications for how Meta operates if regulators order the company to amend its practices. The GDPR also allows for large fines for major violations -- up to 4% of global annual turnover.
The European Data Protection Board (EDPB), a steering body for the GDPR, confirmed today it has stepped in to three binding decisions in the three complaints against Meta platforms Facebook, Instagram and WhatsApp. The trio of complaints were filed by European privacy campaign group noyb as soon as the GDPR entered into application across the EU. So it's taken some 4.5 years just to get to this point. [...] What exactly has been decided? The EDPB is not disclosing that yet. The protocol it's following means it passes its binding decisions back to the Irish Data Protection Commission (DPC), Meta's lead privacy regulator in the EU, which must then apply them in the final decisions it will issue. The DPC now has one month to issue final decisions and confirm any financial penalties. So we should get the full gory details by early next year.
The Wall Street Journal may offer a glimpse of what's to come: It's reporting that Meta's ad model will face restrictions in the EU -- citing "people familiar with the situation." It also reports the company will face "significant" fines for breaching the GDPR. "The board's rulings Monday, which haven't yet been disclosed publicly, don't directly order Meta to change practices but rather call for Ireland's Data Protection Commission to issue public orders that reflect its decisions, along with significant fines," the WSJ wrote, citing unnamed sources. [...] The company was recently spotted in a filing setting aside 3 billion euros for data protection fines in 2022 and 2023 -- a large chunk of which has yet to land. "In line with Art. 65 (5) GDPR, we cannot comment on the content of the decisions until after the Irish DPC has notified the controller of its final decisions," said a spokesperson for the EDPB. "As indicated in our press release, the EDPB looked into whether or not the processing of personal data for the performance of a contract is a suitable legal basis for behavioral advertising, but at this point in time we cannot confirm what the EDPB's decision in this matter was."
The DPC also declined to comment on the newspaper's report -- but deputy commissioner Graham Doyle confirmed to TechCrunch that it will announce binding decisions on these complaints in early January.
A Meta spokesperson issued the following statement to TechCrunch: "This is not the final decision and it is too early to speculate. GDPR allows for a range of legal bases under which data can be processed, beyond consent or performance of a contract. Under the GDPR there is no hierarchy between these legal bases, and none should be considered better than any other. We've engaged fully with the DPC on their inquiries and will continue to engage with them as they finalize their decision."
The European Data Protection Board (EDPB), a steering body for the GDPR, confirmed today it has stepped in to three binding decisions in the three complaints against Meta platforms Facebook, Instagram and WhatsApp. The trio of complaints were filed by European privacy campaign group noyb as soon as the GDPR entered into application across the EU. So it's taken some 4.5 years just to get to this point. [...] What exactly has been decided? The EDPB is not disclosing that yet. The protocol it's following means it passes its binding decisions back to the Irish Data Protection Commission (DPC), Meta's lead privacy regulator in the EU, which must then apply them in the final decisions it will issue. The DPC now has one month to issue final decisions and confirm any financial penalties. So we should get the full gory details by early next year.
The Wall Street Journal may offer a glimpse of what's to come: It's reporting that Meta's ad model will face restrictions in the EU -- citing "people familiar with the situation." It also reports the company will face "significant" fines for breaching the GDPR. "The board's rulings Monday, which haven't yet been disclosed publicly, don't directly order Meta to change practices but rather call for Ireland's Data Protection Commission to issue public orders that reflect its decisions, along with significant fines," the WSJ wrote, citing unnamed sources. [...] The company was recently spotted in a filing setting aside 3 billion euros for data protection fines in 2022 and 2023 -- a large chunk of which has yet to land. "In line with Art. 65 (5) GDPR, we cannot comment on the content of the decisions until after the Irish DPC has notified the controller of its final decisions," said a spokesperson for the EDPB. "As indicated in our press release, the EDPB looked into whether or not the processing of personal data for the performance of a contract is a suitable legal basis for behavioral advertising, but at this point in time we cannot confirm what the EDPB's decision in this matter was."
The DPC also declined to comment on the newspaper's report -- but deputy commissioner Graham Doyle confirmed to TechCrunch that it will announce binding decisions on these complaints in early January.
A Meta spokesperson issued the following statement to TechCrunch: "This is not the final decision and it is too early to speculate. GDPR allows for a range of legal bases under which data can be processed, beyond consent or performance of a contract. Under the GDPR there is no hierarchy between these legal bases, and none should be considered better than any other. We've engaged fully with the DPC on their inquiries and will continue to engage with them as they finalize their decision."
Re: (Score:2)
Hey Trump moderators. Don't blame me, blame CA -- they said they helped Trump win.
Live by the sword... (Score:5, Insightful)
You wanted to be a European company and take advantage of special tax laws to avoid paying US taxes... OK. You get to follow European laws regarding how you operate your business.
Suck it up, follow the laws, and pay your share.
This is way more important (Score:3)
than the whinging about Apple's walled garden.
All tracking needs to stop, period. Both on and off the Internet.
Re: (Score:2)
That's how the relative privation bullshit reasoning keeps things from getting done, because almost always you can find something worse.
Though in reality, this is not a kind of triage situation where you have to be careful how to apply your resources. In reality, in most situations, especially if there's that many people, more than one thing can be done at a time.
4% (Score:2)
The max allowed fine is 4%, and whom is it for? If the worst, by far, offender won't get that, the whole concept is toothless.