Oslo : On July 17, the Norwegian Data Protection Authority (Datatilsynet) issued a stern warning to Meta Platforms, cautioning the company that it would incur fines if it failed to address the privacy breaches highlighted by the regulatory body. The directive included a deadline until August 4 for Meta Platforms to rectify the identified issues. Specifically, Datatilsynet instructed Meta Platforms, the parent company of Facebook, not to engage in the collection of user data in Norway, including physical locations, for the purpose of targeted advertising – a practice commonly known as behavioral advertising, prevalent among major tech corporations.
With the deadline fast approaching, Datatilsynet has announced its decision to impose a substantial daily fine of 1 million crowns (equivalent to approximately $98,500) on Meta Platforms, effective from August 14. The implications of this substantial penalty extend beyond financial consequences; they have the potential to establish a significant precedent that could impact other European nations as well.
Tobias Judin, Head of Datatilsynet's international section, has underlined the necessity of immediate action by Meta Platforms to address the breach. Judin emphasized that Meta's recent proposal to seek user consent within the European Union for targeted advertising was insufficient. He contended that Meta must immediately cease the processing of personal data and only recommence after implementing a fully operational and functional consent mechanism, a process Meta claims may take several months.
While Meta Platforms has stated that their adjustment in approach is influenced by regulatory requirements in the European region, it's important to note that this shift originates from a directive issued by Ireland's Data Protection Commissioner in January. Acting as the lead regulator for Meta within the EU, the Irish authority mandated a review of the legal foundation underpinning the company's advertising targeting practices.
Although Norway is not a European Union member, it remains an integral part of the European single market. The Datatilsynet's firm stance on data privacy holds relevance within the broader European context, as it prompts a broader examination of the practices of major tech companies in the realm of privacy breaches.