General Data Protection Regulation (GDPR)
,
Governance & Risk Management
,
Privacy
European Court of Justice Says Meta May Not Indefinitely Retain User Data
David Perera (@daveperera) •
October 4, 2024
The European Court of Justice In Luxembourg in a 2014 photo. (Image: Shutterstock)
Targeted advertising may face additional restrictions following a ruling by the top European Union court that social media giant Meta cannot indefinitely retain user data. Nor can it use data for advertising “without distinction as to type of data,” the European Court of Justice said Friday.
See Also: How Enterprise Browsers Enhance Security and Efficiency
The ruling stems from a 2014 case brought by Austrian privacy advocate Max Schrems, who on his own and through nonprofit None Of Your Business has waged a years-long campaign pitting European privacy regulations against omnipresent online data collection used by major tech companies to personalize advertising – and in particular, against Facebook and Instagram parent Meta (see: Meta’s AI Model Training Comes Under European Scrutiny).
The court has yet to publish its full opinion, but a brief summary states that the General Data Protection Regulation prohibits online platforms from aggregating, analyzing and processing data “without restriction as to time and without distinction as to type of data.”
Online platforms must follow the principle of data minimization, the court said. “Meta has basically been building a huge data pool on users for 20 years now, and it is growing every day,” said Schrems’ attorney Katharina Raabe-Stuppnig. “Following this ruling only a small part of Meta’s data pool will be allowed to be used for advertising – even when users consent to ads.”
Privacy advocates say targeted advertising technology depends on a system of pervasive online surveillance that violates human rights unless explicitly agreed to by users. Internet giants such as Facebook and Google argue that targeted advertising enables them to offer cost-free access to powerful digital technology and that users prefer receiving tailored to their interests, regardless of the context in which they appear.
Critics of targeted advertising already scored a partial victory in 2023 with a European Court of Justice ruling in a case brought by the German competition authority finding that online platforms can’t rely on privacy law exceptions from obtaining user consent when processing data obtained from third-party websites that have Facebook code integrated onto them, such as through a like or share button.
Facebook says roughly 10% of its worldwide revenues come from ads delivered to Facebook users in trading bloc members.
The European court also weighed in on the question of whether a public disclosure by Schrems during a panel discussion in Vienna of his sexual orientation can be processed for targeted advertising. It said the Austrian Supreme Court should examine whether the disclosure is tantamount to a public data. If the data is public, it may be processed in compliance with the GDPR. “However, that fact alone does not authorize the processing of other personal data relating to that data subject’s sexual orientation,” the court said, a statement Raabe-Stuppnig said is a win for the privacy advocate.
Facebook did not immediately respond to a request for comment, but told TechCrunch it is waiting for publication of the court’s opinion before commenting. It also said it doesn’t use “special category data” such as sexual orientation as well as ethnicity, health status or religion for targeted advertising.
Source link : https://www.bankinfosecurity.com/meta-hit-again-targeted-advertising-limits-in-europe-a-26455
Author :
Publish date : 2024-10-04 20:39:20
Copyright for syndicated content belongs to the linked Source.