Article 66M64 Meta's Behavioral Ads Will Finally Face GDPR Privacy Reckoning In January

Meta's Behavioral Ads Will Finally Face GDPR Privacy Reckoning In January

by
BeauHD
from Slashdot on (#66M64)
An anonymous reader quotes a report from TechCrunch: Major privacy complaints targeting the legality of Meta's core advertising business model in Europe have finally been settled via a dispute resolution mechanism baked into the EU's General Data Protection Regulation (GDPR). The complaints, which date back to May 2018, take aim at the tech giant's so-called forced consent to continue tracking and targeting users by processing their personal data to build profiles for behavioral advertising, so the outcome could have major ramifications for how Meta operates if regulators order the company to amend its practices. The GDPR also allows for large fines for major violations -- up to 4% of global annual turnover. The European Data Protection Board (EDPB), a steering body for the GDPR, confirmed today it has stepped in to three binding decisions in the three complaints against Meta platforms Facebook, Instagram and WhatsApp. The trio of complaints were filed by European privacy campaign group noyb as soon as the GDPR entered into application across the EU. So it's taken some 4.5 years just to get to this point. [...] What exactly has been decided? The EDPB is not disclosing that yet. The protocol it's following means it passes its binding decisions back to the Irish Data Protection Commission (DPC), Meta's lead privacy regulator in the EU, which must then apply them in the final decisions it will issue. The DPC now has one month to issue final decisions and confirm any financial penalties. So we should get the full gory details by early next year. The Wall Street Journal may offer a glimpse of what's to come: It's reporting that Meta's ad model will face restrictions in the EU -- citing "people familiar with the situation." It also reports the company will face "significant" fines for breaching the GDPR. "The board's rulings Monday, which haven't yet been disclosed publicly, don't directly order Meta to change practices but rather call for Ireland's Data Protection Commission to issue public orders that reflect its decisions, along with significant fines," the WSJ wrote, citing unnamed sources. [...] The company was recently spotted in a filing setting aside 3 billion euros for data protection fines in 2022 and 2023 -- a large chunk of which has yet to land. "In line with Art. 65 (5) GDPR, we cannot comment on the content of the decisions until after the Irish DPC has notified the controller of its final decisions," said a spokesperson for the EDPB. "As indicated in our press release, the EDPB looked into whether or not the processing of personal data for the performance of a contract is a suitable legal basis for behavioral advertising, but at this point in time we cannot confirm what the EDPB's decision in this matter was." The DPC also declined to comment on the newspaper's report -- but deputy commissioner Graham Doyle confirmed to TechCrunch that it will announce binding decisions on these complaints in early January. A Meta spokesperson issued the following statement to TechCrunch: "This is not the final decision and it is too early to speculate. GDPR allows for a range of legal bases under which data can be processed, beyond consent or performance of a contract. Under the GDPR there is no hierarchy between these legal bases, and none should be considered better than any other. We've engaged fully with the DPC on their inquiries and will continue to engage with them as they finalize their decision."

twitter_icon_large.pngfacebook_icon_large.png

Read more of this story at Slashdot.

External Content
Source RSS or Atom Feed
Feed Location https://rss.slashdot.org/Slashdot/slashdotMain
Feed Title Slashdot
Feed Link https://slashdot.org/
Feed Copyright Copyright Slashdot Media. All Rights Reserved.
Reply 0 comments