23.2 C
New York
Friday, July 12, 2024

Norway Took On Meta’s Surveillance Ads and Won

When you watch a video on Instagram, the app's algorithms are also watching you. As you scroll, they are hoovering up information to figure out what makes you tick—not only to show you content that keeps you coming back, but also to show you ads that are more likely to make you buy something.

Meta calls the information it compiles about how users behave across its apps “activity.” That activity might include what they say in social media posts or comments, the contents of the (unencrypted) messages they send or receive, the hashtags they use, and how long they spend watching certain types of posts or videos.

When compiled, this information can reveal incredibly personal information, potentially ranging from an individual’s musical tastes to their menstrual cycles. “These data are rather potent in the sense that they will tell you everything about a person's online behavior and therefore also their interests, their personality,” says Tobias Judin, spokesperson for Norway’s privacy watchdog, Datatilsynet. When that information about how a user behaves online is used to inform what type of ads that person sees, it becomes what’s known as behavioral advertising. “Literally everything that you do on these platforms can be recorded and used for behavioral advertising purposes,” he says.

For years, European courts have argued that Meta cannot use this type of data for advertising unless the company asks for users’ explicit—yes or no—consent. But in July, Norway went a step further, branding the way Meta carries out behavioral advertising as illegal. The watchdog threatened to ban Meta’s behavioral ads in Norway and pledged to fine the tech giant $100,000 per day unless the company changed its ways. The ban was due to take effect on August 4; three days before that, on August 1, Meta quietly published an update to a January blog post announcing its intention to comply.

“Today, we are announcing our intention to change the legal basis that we use to process certain data for behavioral advertising for people in the EU, EEA and Switzerland from ‘Legitimate Interests’ to ‘Consent,’” the blog post read, without saying specifically when the change will take place or mentioning Norway. Meta declined WIRED’s request to comment further.

Norway is chalking this up as a victory. “While Meta states that this is a voluntary change on their end, that appears very unconvincing,” says Judin. “Asking users for consent could negatively affect the company’s earnings, and historically speaking, Meta has not been willing to sacrifice profits for privacy unless forced.” Meta said the wider Europe region generated almost a quarter of its advertising revenue in the three months leading up to June 30.

Most PopularBusinessThe End of Airbnb in New York

Amanda Hoover

BusinessThis Is the True Scale of New York’s Airbnb Apocalypse

Amanda Hoover

CultureStarfield Will Be the Meme Game for Decades to Come

Will Bedingfield

GearThe 15 Best Electric Bikes for Every Kind of Ride

Adrienne So

Norway’s threat was a bold move. “We normally don't ban processing activities like this,” Judin says. But the regulator has become a new thorn in Meta’s side. Last year, the watchdog came under new leadership, with privacy lawyer Line Coll taking the helm as director. Speaking to the Norwegian business magazine Kapital in May, she suggested she was thinking about new ways to use sanctions to better protect privacy. So far, she has delivered.

However, the Norwegian order formed only the top of a very large pile of legal challenges to the way Meta deployed personalized advertising in Europe.

In response, the company has adopted different legal justifications for doing this type of advertising that did not require users’ consent. Initially it argued that behavioral ads were an essential part of its business. After that was questioned in the courts, Meta claimed a “legitimate interest” to use that information. Then, in July, the EU’s Court of Justice decided that didn’t fly unless users were asked for consent. After that, Norway’s complaint was simply the straw that broke the camel’s back.

The real root of Meta’s decision was a ruling by the European Data Protection Board in January and the EU Court of Justice case in July, says Max Schrems, who runs the influential Vienna-based privacy campaign group NOYB. However he notes that the regulator in Norway—which is part of the European Economic Area, not the EU—has become a forceful voice in trying to get Meta to comply with European tech rules. “The Norwegians are really applying the law as it is, which a lot of other DPAs [data protection regulators] don’t really do,” he says.

The fact that Meta is indicating it will now ask for European users' consent is not significant in itself, says Schrems. “We knew this is the law since the GDPR came into force,” he says. “It’s more significant that Meta has simply ignored the law for the last five years.”

Back in Norway, Judin says the regulator feels positive about Meta offering users more choice about how their information informs the advertising they see. However he wants to make sure they are not nudged in any way into giving that consent. “We will follow closely how Meta implements the change,” he says.

Related Articles

Latest Articles