The regulators declared that this kind of coerced consent falls foul of the General Data Protection Regulation (GDPR), the EU’s wide-reaching privacy law.
This doesn’t mean it’s a done deal though. Ireland’s Data Protection Commission still needs to issue specific orders and decide on the fine in question. And, beyond this, Meta has the option to appeal the ruling.
If this is upheld, it would mean that Meta — and, more broadly speaking, big tech companies that make profit through the advertising business model — would need user consent before using personal information and online activity to create tailored adverts.
And here’s the tipping point: Meta would still have to offer its social networks to people, whether they consent to being targeted or not. This could not only spell severe financial hurdles for Meta and similar companies, but also unsettle the foundation many online businesses are built on.
This ruling by EU could hit the company even harder, but, of course, nothing is set in stone yet.
Despite this, the EU’s ruling demonstrates that the 27-member bloc is ramping up the enforcement of GDPR.
The regulation’s requirements for “obtaining explicit consent and providing individuals with control over their personal data” are designed to “enhance privacy in the EU,” Sam McCraw, founder and CEO of Design Hub, told TNW.
Individuals should have “greater control over how their personal data is used,” he added, which is vital because of the sensitive nature of such information.
Following massive fines on Amazon and WhatsApp over online privacy concerns, this hit to Meta is yet another step towards establishing stronger data protection practices in the bloc. Now, we just have to wait and see what happens next.