Logo and page links

Main menu

The Norwegian Data Protection Authority's decision against Meta is extended to the EU/EEA and made permanent

The European Data Protection Board (EDPB) has decided that the Norwegian ban on behavioural advertising based on contract and legitimate interest on Facebook and Instagram will become permanent and be extended to apply to the entire EU/EEA.

- We are very pleased that the EDPB agrees with our assessments and extends our ban. The aim is to ensure better data protection for users across Europe, says Director General of the Norwegian Data Protection Authority Line Coll.

The Norwegian Data Protection Authority is very concerned about the illegal tracking, monitoring and profiling that takes place on Facebook and Instagram. Although it has long been clear that Meta is breaking the law, and despite the Norwegian Data Protection Authority's ban, Meta continues with its illegal processing of personal data. This is the reason why we have chosen to bring the matter to the EDPB, which has now agreed that there is an urgent need for a permanent ban on the illegal activities at European level.

Facebook and Instagram have over 250 million active users in the EU/EEA.

The EDPB's decision is an instruction to the Irish Data Protection Commission to issue a permanent ban to Meta Ireland, Meta's European headquarter. Once this has been carried out, the ban will come into effect.

- Enough is enough. After more than five years of violating users' fundamental rights, the EDPB is now putting its foot down against Meta's lack of respect for the law, says Head of the International Section, Tobias Judin.

Meta has been clearly informed that their business model and processing of personal data are in breach of European data protection law. Meta has stated that they will ask users for consent to use their data for behavioural marketing in the future. However, the company has not introduced any actual changes yet, and thus the illegal activities continue to this very day.

Furthermore, the Norwegian Data Protection Authority strongly doubts that Meta's proposed ‘consent’ mechanism, often dubbed ‘pay or okay’, complies with the GDPR. The EDPB’s decision is therefore important to avoid Meta's infringement continuing while the company is exploring its options.