Meta is facing different issues and has more than one problem at the moment.
Meta with its U.S. HQ (and many data centers) moves data from Europe to the U.S.
So in May, the Irish privacy regulator fined Meta 1.2 billion euros and ordered it to stop sending information about Facebook users in the EU to the U.S. In their decision, however, they stated that the order to suspend the transfers “will remain effective unless and until” the matters had been resolved, “including by way of new measures, not currently in operation”. They thereby were referring to the Data Privacy Framework.
Meta is on the list of companies that have certified for the Data Privacy Framework. So they could now rely on the framework to process and store EU data.
So one should think that everything now is fine for Meta. But that’s not the case.
Why? Well, because Facebook and Instagram have been temporarily banned in Norway from tracking users online to target them with advertising.
The ban will last three months, starting from August 4. If Meta does not comply with the decision, the company risks a compulsory fine of up to 1 million NOK (€89,500) per day.
The Norwegian authority's decision doesn’t ban Facebook or Instagram in Norway. It also doesn’t prohibit personalized marketing as such. I.e. customized ads can still be shown, but only based on information given by users in the “about” section of their profiles. “Users must have sufficient control over their own data, and tracking must be limited”, says the Norwegian Data Protection Authority. We couldn’t agree more :) More details here.
But the Facebook saga doesn't end here.
On Tuesday this week, Meta shared a blog post announcing the intention to ask users in the EU for their consent before allowing businesses to target advertising on its services such as Facebook and Instagram. Meta promised to share further information on how the process will work in practice over the coming months. We will keep you posted :)
If we start by looking at the latest change; that Meta will now start to ask for consent on Facebook and Instagram - it can have implications for all companies doing advertisements on these platforms.
If a large number of people in Europe refuse to give consent for their data to be collected (and it’s likely to be the case), Meta won’t be able to build audiences for ads as effectively. This will mean that its targeted advertising will become weaker and decrease the value for its business customers.
The continuing issues with Meta also means that the certification under the new Data Privacy Framework doesn’t guarantee that the vendor is compliant with the GDPR, i.e. it doesn’t give a greenlight to all your U.S. vendors.
Before you engage any vendor (based in the EU, the U.S. or anywhere else), you still need to vet them as required by the GDPR to avoid potential risk (or at least minimize it).
Sign up for a regular dose of news and updates from the legal landscape.