The European Data Protection Board said on Thursday its binding decision about banning Meta’s platforms from processing personal data for behavioural advertising, according to Euractiv.
The Board is a body that gathers all EU data protection regulators with a view to ensuring consistent application of the General Data Protection Regulation.
Thursday’s decision comes after, starting in early August, Meta-owned platforms faced a temporary three-month ban on behavioural advertising based on extensive user profiling in Norway, as Euractiv reported.
Facebook and Instagram continued to operate in the country, where behavioural advertising infringing the EU regulation on data protection is banned. The penalty was one million Norwegian kroner (almost €89,000) daily.
The social media platforms could also process information a user has put willingly on the platforms, despite the ban, including a user’s bio, place of residence, gender, age, or interests, should the user have provided them himself or herself.
The General Data Protection Regulation (GDPR) applies to all 27 EU member states, plus the three other European Economic Area countries: Iceland, Lichtenstein, and Norway.
Provisional measures with a legal effect on their territory for three months at most can be taken by the national privacy regulator. However, the EDPB and the European Commission must be notified in such cases.
The relevant authority should then ask the EDPB for an urgent ban with proper reasoning as to why they find it necessary.
EDPB’s Chair Anu Talus said that “the EDPB binding decisions clarified that contract is not a suitable legal basis for processing personal data carried out by Meta for behavioural advertising”,
Moreover, “Meta has been found by the IE DPA [Ireland’s Data Protection Act] to not have demonstrated compliance with the orders imposed at the end of last year”, she added. Violating Irish law is particularly problematic because Meta’s European headquarters is located in Dublin.
The Board stressed the urgent need to order final measures, and not only national-level bans, is clear in light of the risks of serious and irreparable harm caused to data subjects without the adoption of final measures.
Meta did not react to Euractiv’s request for comment by the time of publication.