Brussels is trying to act against the web behemoths. The European Data Protection Board (EDPB) announced on Wednesday that it is asking Ireland’s data regulator about the whereabouts of the European headquarters of Metato take measures “within two weeks” to ban “any processing of personal data intended for behavioral advertising” without a contractual commitment from the user to authorize it.
The practice, which consists of collecting and analyzing the data of billions of Internet users to submit carefully personalized advertisements to them, is at the heart of the business models of web giants but is thwarted by the European data regulation (GDPR).
The EDPB adopted last Friday “an urgent and binding decision” to extend a ban on the practice decided by Norway to the thirty countries of the European Economic Area (the 27 EU member states, Norway, Iceland, Liechtenstein) .
This “binding” decision was notified on Monday to the American technology giant, which risks heavy fines in the event of non-compliance. The decision does not amount to a ban on targeted marketing, but it must be subject to informed consent from users.
Meta sentenced to a record fine last May
However, Meta announced on Monday its intention to offer paid subscription plans from November to its European users who do not wish to see their data used, precisely in order to comply with EU regulations.
Facebook and Instagram users who do not consent to the American group collecting their data for advertising targeting purposes will be able to access the platforms without advertising, for a monthly subscription starting at 9.99 euros. Other non-subscriber users “will have the choice to continue to use the two social networks for free” but by accepting the collection of their data and personalized advertisements.
The EU has been fighting for years against the tracking of Internet users without their consent, first with the GDPR adopted in 2016, then with the Digital Markets Regulation (DMA), which came into force this summer. Last May, Meta received a record fine of 1.2 billion euros from the Irish regulator, acting on behalf of the Twenty-Seven, for violating the GDPR by transferring users’ personal data to the United States. : the fourth fine imposed on the Californian giant in the EU in six months.