Meta (Facebook and Instagram) prohibited from using personal data for advertisement and issued fines totalling € 390 Million with a third case pending for WhatsApp.
The European Centre for Digital Rights (NOYB) has delivered a major blow to Meta’s business model.
The GDPR allows for six legal bases to process data, one of which is consent under Article 6(1)(a). Meta tried to bypass the consent requirement for tracking and online advertisement by arguing that ads are a part of the “service” that it contractually owes the users. The alleged switch of legal basis happened exactly on 25 May 2018 at midnight when the GDPR came into force.
Key Facts:
- Two complaints filed by noyb on behalf of an Austrian and Belgian user on May 25th, 2018 (the day the GDPR became applicable) were decided today.
- A third complaint on WhatsApp on behalf of a German user was delayed to mid-January, according to an email by the DPC.
- Meta tried to “bypass” the consent requirement in the GDPR by adding a clause to the terms and conditions for advertisement.
- In December 2022, the EDPB overturned a previous draft decision by the Irish DPC that took the view that Meta’s bypass of the GDPR was legal.
- The final decision requires that Meta may not use personal data for ads based on an alleged “contract”. Users therefore need to be provided with a yes/no (“opt-in”) consent option, otherwise Meta may not use their data for personalized advertisement.
- The decision does not prohibit other forms of advertisement (like contextual ads, based on the content of a page).
For full details of the news breaking story from NOYB, please see the following – https://noyb.eu/en/breaking-meta-prohibited-use-personal-data-advertisment.
