OSLO, Nov 1 (Reuters) – The European data regulator has agreed to extend a ban imposed by non-EU member Norway on “behavioural advertising” on Facebook and Instagram to cover all 30 countries in the European Union and the European Economic Area, it said on Wednesday.
The ban on such advertising, which targets users by harvesting their data, is a setback for U.S. tech giant Meta Platforms (META.O), the owner of the two social media services, which has opposed efforts to curb the practice.
Meta runs the risk of getting fined up to 4% of its global turnover, the Norwegian data regulator said.
The decision by the European Data Protection Board (EDPB) is an instruction to the data regulator of Ireland, where Meta’s European headquarters are located, to impose a permanent ban on the company’s use of behavioural advertising within two weeks, EDPB said in a statement to Reuters.
“On 27 October, the EDPB adopted an urgent binding decision … to impose a ban on the processing of personal data for behavioural advertising on the legal bases of contract and legitimate interest across the entire European Economic Area,” it said.
Meta on Wednesday said it had already said it would give users in the EU and the EEA the opportunity to consent, and would offer, in November, a subscription model to comply with regulatory requirements.
“EDPB members have been aware of this plan for weeks and we were already fully engaged with them to arrive at a satisfactory outcome for all parties,” said a company spokesperson.
“This development unjustifiably ignores that careful and robust regulatory process.”
Since Aug.7, Meta has been subject to daily fines in Norway of 1 million crowns ($90,000) for breaching users’ privacy by using their data, such as locations or browsing behaviour, for advertising, a business model common to Big Tech.
The Norwegian data regulator, Datatilsynet, in September said it had referred the ongoing fine to the European regulator, as its fine was valid in Norway only.
That fine will expire on Nov. 3, but Meta could risk a much heavier financial penalty, according to Tobias Judin, the head of Datatilsynet’s international section.
“Since we now will get a permanent ban, non-compliance with the EU/EEA-wide ban would in itself be a violation of the GDPR, which could be sanctioned with up to 4% of global turnover,” Judin told Reuters.
GDPR, the General Data Protection Regulation, is the EU’s rules on information privacy.
Norway is not a member of the EU but is part of the European single market.
The decision affects some 250 million Facebook and Instagram users in Europe, Datatilsynet said.
($1 = 11.1800 Norwegian crowns)
Reporting by Gwladys Fouche, editing by Terje Solsvik and Tomasz Janowski
Our Standards: The Thomson Reuters Trust Principles.