Meta Platforms, the owner of Facebook and Instagram, has been ordered by Norway’s data protection authority to pay a daily fine of 1 million crowns ($98,500) for violating users’ privacy rights. The fine will start from August 14 and run until November 3, unless Meta takes action to address the issue.
Meta Accused of Harvesting User Data for Targeted Ads
The regulator, Datatilsynet, said that Meta cannot harvest user data in Norway, such as users’ physical locations, and use it to target advertising at them, called behavioural advertising, a business model common to big tech. Datatilsynet said that this practice infringes on users’ right to privacy and self-determination over their own data.
Datatilsynet had given Meta until August 4 to prove that it had addressed the issue, but Meta failed to do so. “As of next Monday, a daily fine of 1 million crown will start to apply,” Tobias Judin, head of Datatilsynet’s international section told Reuters. The fine will run until November 3.
Datatilsynet can make the fine permanent by referring its decision to the European Data Protection Board, which has the power to do so, if it agrees with the Norwegian regulator’s decision. That could also widen the decision’s territorial scope to the rest of Europe. Datatilsynet had yet to take this step.
Meta Plans to Ask Users for Consent in EU
Meta said last week that it intends to ask users in the European Union for their consent before allowing businesses to target advertising based on what they view on its services such as Facebook and Instagram. Meta said that this change was made to address regulatory requirements in the region and stems from an order in January by Ireland’s Data Protection Commissioner, Meta’s lead EU regulator, to reassess the legal basis on how it targets ads.
However, Judin said that this step was not enough. Meta had to stop the processing of personal data immediately and until that consent mechanism was up and running. “According to Meta, this will take several months, at the very earliest, for them to implement … And we don’t know what the consent mechanism will look like,” Judin said. “And in the (meantime), peoples’ rights are being violated, every single day.”
Norway is not a member of the European Union but is part of the European single market. The country has adopted the EU’s General Data Protection Regulation (GDPR), which gives users more control over their personal data and imposes hefty fines for breaches.
Meta Faces Legal Challenges Around the World
Meta is facing legal challenges around the world over its privacy practices and its role in spreading misinformation and hate speech. In July, US President Joe Biden accused Meta of “killing people” by allowing false information about COVID-19 vaccines to circulate on its platforms. Meta denied the allegation and said it was working to remove harmful content and promote authoritative sources.
In June, Canada’s parliament passed a bill that would require online platforms like Meta to remove illegal content such as hate speech and child pornography within 24 hours or face fines up to 10% of their annual revenue. Meta said the bill was “unconstitutional” and threatened to challenge it in court.
In May, Germany’s competition watchdog launched an investigation into Meta’s use of data from its Oculus virtual reality headsets, saying it could give Meta an unfair advantage over its rivals. Meta said it would cooperate with the probe and that it complied with German and EU laws.