Share This Article
The Irish Data Protection Commission has made waves with its recent decision to levy a staggering EUR 390 million GDPR fine against Meta for its practices in behavioural advertising, creating a precedent potentially impacting online behavioural advertising by any business, and changing the Internet as we know it.
The decision was based on the position of the EDPB (European Data Protection Board), which deemed that the performance of a contract could not serve as a legal basis for Meta’s behavioural advertising of its customers. This landmark GDPR serves as a warning to all companies engaging in behavioural advertising and highlights the need for strict adherence to EU data protection regulations.
The position of the EDPB on Meta followed by the GDPR fine by the Irish DPC
The EDPB has made a game-changing decision that could potentially halt the ability of Meta to use Facebook and Instagram for behavioural advertising under the guise of contract performance.
As a result, the Irish Data Protection Commissioner has issued a hefty GDPR fine of EUR 390 million, with several stipulations that Meta must follow in order to comply with the ruling. These include
- obtaining user consent for behavioural ads,
- giving users the option to withdraw consent at any time, and
- potentially refraining from using non-personal data to personalize ads unless given consent by the user.
Meta has just three months to comply with these requirements.
The reaction from Meta to the GDPR fine
Meta published a blog post where it clarified its position following such a fine where it held that they have decided to appeal the decision since in its view the approach to personalization on Facebook and Instagram complies with the GDPR and is an integral part of providing each user with their own unique experience.
They are disappointed with the outcome of the decision and will be fighting both the merits and the extent of the fines imposed. In a recent blog post, the company clarified its position on the matter.
The impact of the GDPR fine against Meta on the future of behavioural advertising
The recent GDPR fines levied against Meta have sent shockwaves through the online business community, as they highlight the potential risks and consequences of relying on behavioural advertising as a core strategy.
While the financial cost of the fine is significant, the bigger concern for Meta and other companies like it may be the need to seek consent from customers, who may be unwilling to grant it if they do not see a benefit. This could force businesses to rethink their approach and recalibrate their strategy in order to reduce risk exposure. The decisions also raise the possibility that EU data protection authorities will begin to closely scrutinize such matters in their jurisdictions, adding another layer of uncertainty for online businesses.
It remains to be seen whether legitimate interest will continue to be a valid legal basis for behavioural advertising, or if consent will be the only option. Ultimately, the specific circumstances of each case will need to be carefully considered, and a thorough legitimate interest assessment should be conducted before any course of action is taken, with well-argued reasons provided to support it.
What is your view? Please provide your comments on social media where this article is posted. On a similar topic, you can read the article “€ 1.4 million GDPR fine for privacy breach through CRM card system in Italy”.
Photo by @glencarrie on Unsplash