The Norwegian Data Protection Authority (Datatilsynet) has announced that Meta Platforms, the parent company of Facebook, will be subjected to a daily fine of 1 million crowns ($98,500) starting from August 14 due to violations of privacy regulations. This substantial penalty could establish a precedent with potential ramifications for other European nations as well.
On July 17, Datatilsynet issued a warning to Meta Platforms, indicating that fines would be levied if the privacy breaches identified by the regulatory body were not rectified.
The regulator instructed Meta Platforms to cease the collection of user data in Norway, including physical locations, for the purpose of targeted advertising, commonly known as behavioral advertising. This practice is prevalent among major tech corporations.
Meta Platforms had until August 4 to demonstrate to the regulatory body that the privacy issue had been resolved.
As of the upcoming Monday, a daily fine of 1 million crowns will be imposed on Meta Platforms, according to Tobias Judin, the Head of Datatilsynet’s international section. This fine will remain in effect until November 3, following which Datatilsynet could potentially make it a permanent measure by referring the decision to the European Data Protection Board. This Board possesses the authority to endorse the ruling of the Norwegian regulator. If approved, the impact of this decision could extend throughout the entire European region. However, Datatilsynet has not taken this step at present.
Meta recently announced its intention to seek user consent within the European Union prior to enabling businesses to engage in targeted advertising based on user interactions with its services, such as Facebook and Instagram.
Judin emphasized that Meta’s proposed consent-seeking measure was inadequate. He stressed that Meta must immediately cease the processing of personal data and refrain from resuming such activities until the consent mechanism was fully operational.
“Meta claims that it will take several months, at the earliest, for them to implement this,” Judin stated. “Furthermore, we are unaware of the specifics of the consent mechanism. Meanwhile, individuals’ rights are being violated on a daily basis.”
Meta clarified that the adjustment in their approach was motivated by regulatory obligations in the European region, stemming from a directive issued in January by Ireland’s Data Protection Commissioner. Acting as Meta’s primary regulator within the EU, the Irish authority instructed the company to review the legal basis of its advertising targeting practices.
It is noteworthy that while Norway is not an EU member, it remains a participant in the European single market.
