Privacy regulators in the European Union ruled on Monday that Meta platforms like Instagram and Facebook shouldn’t be able to hide behind their terms of service in requiring users to agree to targeted ads based on data related to their online activity when using the apps, according to a report from the Wall Street Journal. While the ruling hasn’t been disclosed publicly, the report cited individuals familiar with the regulators’ decision.
The ruling calls on Ireland’s Data Protection Commission — Meta’s privacy regulator in the EU — to issue public orders reflecting the decision and levy fines, the report said.
Meta can appeal the ruling, but if upheld, the decision can deal a significant blow to the tech giant’s lucrative advertising business. With less data to rely on for advertising, personalized ads across Facebook and Instagram would be far less effective.
“This is not the final decision and it is too early to speculate. GDPR allows for a range of legal bases under which data can be processed, beyond consent or performance of a contract. Under the GDPR there is no hierarchy between these legal bases, and none should be considered better than any other,” a Meta spokesperson told CNET in an email. “We’ve engaged fully with the DPC on their inquiries and will continue to engage with them as they finalize their decision.”
The final decision will come from the Irish Data Protection Commission and is expected in January, Meta told CNET.
Ireland’s Data Protection Commission did not respond to CNET’s request for comment on the ruling.
This isn’t the first time Meta has faced scrutiny from privacy regulators in Europe. The company was fined $275 million in November after scraped data from Facebook was found on the internet and $400 million in September for failing to protect children’s privacy on Instagram.