Facebook’s Advertising Practices Run Afoul of Privacy Protection Rules in Europe

Technology Policy Brief #53 | By: Mindy Spatt | February 14, 2023

Header photo taken from: Jeff Chiu / Associated Press


Facebook


Twitter


Linkedin

Follow us on our social media platforms above

Browse more technology policy briefs from the top dashboard

GettyImages 1236118027
Meta threatens to pull the plug on Facebook and Instagram in Europe over data privacy dispute.

Photo taken from: Tolga Akmen / Getty Images 

Policy Summary

[SSB theme=”Official” align=”center” counter=”true” ]

A groundbreaking decision by European regulators is pushing Meta, parent company of Facebook and Instagram, to make changes to its advertising policies. The ruling goes further than any US authority has gone in limiting Facebooks’ ability to collect users’ data. Meta is expected to appeal.

Policy Analysis

Meta’s terms-of-service agreement, the long statement that a user must accept in order to gain access to Facebook and Instagram, got it in the cross hairs of Ireland’s Data Privacy Board, the lead EU regulator because Meta’s European headquarters are in Dublin.  

Included in the agreement is permission for Meta to collect the users’ data and use it for their personalized ad business.  

The Board determined that the placement of user’s legal consent to share their data within the terms of service was in violation of the EU’s General Data Protection Regulation, which requires the user’s consent to data sharing.  The problem is that there is no other way to sign up for Facebook or Instagram and no way to opt out of the data collection, let alone an opt-in, which what privacy advocates have long called for.  

If the decision is finalized and enforced, Meta would need to change its surveillance and consent practices, and the way it’s core advertising works. Targeted ads could no longer be sent to users unless they had affirmatively consented to it.  Meta could pivot to “contextual ads” which are based on the content a user is interacting with. 

Those changes wouldn’t be required here in the US, where no similar federal privacy protections exist.  But any changes that Meta makes as a result of the ruling could affect users in the United States due to the difficulty of applying different rules to users in different countries. 


data protection thumbnail 1
The EU general data protection regulation (GDPR) governs how the personal data of individuals in the EU may be processed and transferred. The regulation was adopted in 2016 and enforced since May 2018.

Infographic taken from:  Council of the European Union

(click or tap to enlargen)

Over in Great Britain, Meta faces additional pressure from Foxglove,  a non-profit that “fights to make tech fair for everyone,”  Tanya O’Carroll,  a campaigner with the group, is suing Facebook under UK data laws.  Her claim is based on the same required terms of service as the EU decision.

The extent to which Facebook’s ad business relies on profiling is hard to fathom; it produces over $100 billion a year in revenue  According to O’Carroll, Facebook has assigned 700 different tracking  categories to her.  Historically, Facebook has tracked users by gender, race, sexual preference, politics and, all important for advertisers, whether they have children.  

Another UK based nonprofit, Global Witness, tested the way Facebook’s targeting works by running a series of ads and found that:

• 96% of the people shown an ad for mechanic jobs were men

• 95% of those shown an ad for nursery nurse jobs were women

• 75% of those shown an ad for pilot jobs were men

• 77% of those shown an ad for psychologist jobs were women

Here in the US, efforts like the Banning Surveillance Advertising Act of 2022  (See Technology Policy Brief #63) have failed to enshrine any privacy rights into federal law. The closest equivalent to GDPR is California’s Consumer Privacy Act, which establishes a state privacy protection agency.

Colorado, Connecticut, Utah and Virginia also have data protection laws, but as of yet no authority requires Meta to offer users an affirmative, opt-in consent option to being tracked.  And an opt-in, which would require Meta to convince users that its targeted ads were desirable, doesn’t seem to be on the table anywhere.  

Engagement Resources​

Click or tap on resource URL to visit links where available 

1200px IAPP logo.svg

State Privacy Legislation Tracker

https://iapp.org/resources/article/us-state-privacy-legislation-tracker/

FOR WEB USE ONLY

Global Witness https://www.globalwitness.org/en/campaigns/digital-threats/how-facebooks-ad-targeting-may-be-in-breach-of-uk-equality-and-data-protection-laws/

E3HVTWSWEAg6 WF

California  Privacy Protection Agency https://cppa.ca.gov

DONATE NOW
Subscribe Below to Our News Service

x
x
Support fearless journalism! Your contribution, big or small, dismantles corruption and sparks meaningful change. As an independent outlet, we rely on readers like you to champion the cause of transparent and accountable governance. Every donation fuels our mission for insightful policy reporting, a cornerstone for informed citizenship. Help safeguard democracy from tyrants—donate today. Your generosity fosters hope for a just and equitable society.

Pin It on Pinterest

Share This