Datatilsynet, the Norwegian data protection authority, will temporarily ban behavioral advertising on meta-platforms Facebook and Instagram due to data breaches.
The ban is effective from August 4 and will last for three months – or until the US giant meets legal requirements. If Meta does not act, she faces a fine of up to 88,600 euros per day.
The decision follows the recent judgment of the Court of Justice of the European Union (CJEU), which Meta’s behavioral advertising practices are not GDPR compliant.
As the name suggests, behavioral advertising displays targeted advertisements to individuals by observing their online behavior. Companies that use it use data collection, tracking, and profiling to paint a detailed picture of people’s lives, personality, and interests.
Find out about our conference presentations
Watch videos of our past lectures for free with TNW All Access →
“Invasive commercial surveillance for marketing purposes is one of the biggest risks to online privacy today. “Users must have sufficient control over their own data and any tracking must be limited,” said Tobias Judin, head of Datatilsynet’s international division.
“The decision of the Norwegian Data Protection Authority does not ban Facebook or Instagram in Norway. Rather, the purpose is to ensure that people in Norway can use these services in a safe manner and that their rights are protected,” added Judin.
According to the authority, numerous risks lurk in behavioral advertising. These range from restricted freedom of expression and discrimination to the manipulation of democratic practices. With 82% of adult Norwegians having a Facebook account and 65% using Instagram, Datalisynet decided that urgent action was needed.
In the future, the regulator could bring the matter before the European Data Protection Board (EDPB) to decide whether the ban can be extended beyond the first three months. According to Datalisynet, Meta disagrees with the assessment and has the right to appeal to the court.
According to the ECJ ruling, the Norwegian authority is the first European data protection authority to restrict Meta’s ad-supported business. It remains to be seen if this will have widespread ramifications across the continent and add to Zuckerberg’s GDPR nightmares.