Targeted advertising is as controversial as it is profitable. Meta has now been fined Euro 390 million for breaking EU data rules in a five year old case. The discussions about targeted advertising will continue now that Europe’s Digital Markets Act is in force. The Act is understood to prohibit advertisers from using personal data collected during a service for the purposes of another service without prior consent. The questing is how the ad business will get this consent.
The Irish Data Protection Commission (DPC) now says the way Meta asked permission to use peoples’ data for ads on Facebook and Instagram was unlawful. Formally, Meta has three months to change how it obtains and uses data to target ads but the company insists that it strongly believes its approach respects EU privacy rules in GDPR:
“We’re therefore disappointed by these decisions and intend to appeal both the substance of the rulings and the fines.”
The company in a blog post comments on the DPC fine saying that “these decisions do not prevent personalised advertising on our platform. Advertisers can continue to use our platforms to reach potential customers, grow their business and create new markets.”
It is not clear that the DPC would agree. As Facebook has its European headquarters in Dublin, it is up to the Irish authority to check that the company follows EU rules.
Meta says that since GDPR came into force, Meta has relied on Contractual Necessity to process the data needed to provide behavioural advertisements in the EU.
“We have always been open with regulators and courts about this, and in previous assessments of our services they did not object to the use of Contractual Necessity for this type of activity.”