EU's Top Court Restricts Meta's Use of Personal Data for Targeted Ads
The European Union's highest court has declared that Meta, the parent company of Facebook, cannot use personal data collected from its own platforms or external sources for targeted advertising without complying with strict limitations and restrictions under the EU's privacy laws.
Victory for Privacy Advocates
The ruling, which privacy advocates have celebrated as a triumph, was issued on October 4 by the Court of Justice of the European Union. This was in response to a lawsuit filed by Austrian activist Max Schrems, a long-time advocate for stricter enforcement of the EU's General Data Protection Regulation (GDPR).
Schrems accused Facebook of processing his sensitive personal data to deliver targeted ads to him, in violation of the GDPR, specifically the data minimization rule. This rule requires companies to limit the amount of personal data they collect and store to what is strictly necessary.
Meta's Data Practices Violate GDPR Principles
The court agreed with Schrems, stating that Meta's data practices violated GDPR principles. According to the court's findings, Meta had been aggregating and processing vast amounts of user data for advertising purposes without appropriate restrictions on time or the type of data involved.
The court's ruling stressed that even users who consent to personalized ads cannot have their data processed indefinitely, as Meta had been doing.
Implications for the Online Advertising Industry
Katharina Raabe-Stuppnig, Schrems’ lawyer, expressed satisfaction with the ruling, while highlighting the broader implications of the decision for the online advertising industry. She noted that other companies operating without stringent data deletion practices will also be affected.
“Meta has essentially been building a massive data pool on users for 20 years now, and it is growing daily. However, EU law requires ‘data minimisation,’” she said. “Following this ruling, only a small part of Meta’s data pool will be allowed to be used for advertising—even when users consent to ads. This ruling also applies to any other online advertisement company that does not have stringent data deletion practices.”
Meta's Response and Ongoing Challenges
In response to the court’s decision, Meta stated that it was reviewing the judgment and reiterated its commitment to privacy. The company stated that it "takes privacy very seriously."
This ruling is the latest in a series of legal and regulatory challenges for Meta in Europe. The tech giant has been the focus of multiple investigations, particularly around compliance with the GDPR. The EU’s focus extends beyond data privacy to include concerns about how digital platforms’ algorithms and system designs impact behavior. Meta’s recommender systems, which power its advertising-driven business model, are under scrutiny for potentially fostering addictive behaviors, particularly in minors.
Bottom Line
This ruling is a significant step in the ongoing debate about data privacy and the responsibilities of tech giants like Meta. It underscores the importance of stringent data minimization practices in the online advertising industry. What are your thoughts on this development? Do you believe it will significantly impact the way online advertising operates? Share your thoughts with your friends and remember to sign up for the Daily Briefing, which is delivered every day at 6pm.
