The Norwegian Data Protection Authority (DPA), the country’s data privacy watchdog, has banned behavioral advertising on Meta’s Facebook and Instagram social networks.

The ban prohibits the practice unless the company obtains explicit consent from Norwegian users to process their personal data.

Meta extensively monitors user actions, meticulously tracking their activities on its platforms, according to Norway’s DPA.

The company uses content preferences, information it posts to Facebook and Instagram, and their location information to create personalized profiles that facilitate targeted advertising, a tactic commonly referred to as behavioral advertising.

“The Norwegian Data Protection Authority considers the practice of Meta to be illegal and therefore imposes a temporary ban on behavioral advertising on Facebook and Instagram,” the data protection agency said. said.

“The Norwegian Data Protection Authority does not prohibit personalized advertising on Facebook or Instagram as such. The ruling does not, for example, prevent Meta from targeting advertising based on information a user has put in their biography, such as location, gender and age, or based on interests a user has provided themselves.”

Failure to comply with the ruling would result in a daily fine of approximately $100,000, as enforced by the Norwegian DPA.

Although this is only a temporary three-month ban starting August 4 (due to the agency’s limited authority), the privacy watchdog said it is considering contacting the European Data Protection Board (EDPB) to extend the decision beyond the initial three-month ban.

Behavioral advertising fine of 390 million euros

In December 2022, the Irish Data Protection Commission (DPC) fined Meta a total of €390 million (~$438 million) for conducting unlawful behavioral advertising, requiring Facebook and Instagram users to consent to the processing of their personal data for the purpose of targeted advertising.

The Irish DPC has also ordered Meta to bring its current data processing operations into compliance with GDPR regulations within the next three months.

However, despite some changes to comply with the Irish DPC’s December ruling, the Court of Justice of the European Union (CJEU) find that Meta’s GDPR approach to behavioral advertising is still largely illegal.

“Since then, Meta has made some changes, but a new ruling by the Court of Justice of the European Union (curia.europa.eu) has ruled that Meta’s behavioral advertising still does not comply with the law,” the Norwegian watchdog said.

“Therefore, the Norwegian Data Protection Authority is now taking action by imposing a temporary ban.”

Meta’s non-compliance lines up with the company’s statement after it was fined in December. The company rejected the conclusions of the DPC and said he would appeal the fines, accusing the decision of a “lack of regulatory clarity”.

“Facebook and Instagram are inherently personalized, and we believe providing each user with their own unique experience — including the ads they see — is a necessary and essential part of this service,” Meta said.

In November, Meta received an additional 265 million euros ($275.5 million) fined by Ireland’s data watchdog for failing to protect Facebook users’ data from scrapers after data related to 533 million Facebook accounts leaked to hacker forum.