Norway’s data protection regulator, Datatilsynet, has declared that Meta’s tracking practices on Instagram and Facebook violate users’ privacy rights. If the company fails to take corrective action, it will face a fine of one million crowns ($100,000) per day from August 4th to November 3rd. Tobias Judin, the head of Datatilsynet, emphasized the clear illegality of Meta’s actions, prompting the need for immediate intervention.
This development follows a European court ruling that prohibits Meta from collecting user data, including location and behavior, for advertising purposes. Datatilsynet has referred the matter to the European Data Protection Board, which may extend the fine across Europe to exert additional pressure on Meta. While Norway is a member of the European single market, it is not a formal member of the European Union.
Meta, in response to Datatilsynet’s decision, stated that it is reviewing the ruling and anticipates no immediate impact on its services. The company emphasized its ongoing engagement with the Irish Data Protection Commission (DPC), its lead regulator in the EU, regarding compliance with its decisions. Meta acknowledged the ongoing debate surrounding legal bases and the lack of regulatory certainty in this area.
Meta is facing increasing scrutiny in Europe regarding its data privacy practices. Earlier this month, the Irish DPC ruled against Meta’s data collection for behavioral advertising. In May, Meta received a record-breaking fine of €1.2 billion ($1.3 billion) for transferring EU user data to its servers in the United States.
Furthermore, Meta’s new social media platform, Threads, is not yet available in the European Union due to privacy concerns. Meta cited its lack of preparation for a European launch outside the UK, which is not fully governed by GDPR or EU privacy rules. Meta has even taken measures to block EU users from accessing Threads using a VPN.