Under pressure, Meta announces it will end behavioral advertising in Europe
This article was updated at 4:15 p.m. EST on August 2 with comment from the Irish Data Protection Commission.
Living up to its reputation as a data privacy trailblazer, the European Union (EU) has effectively forced Meta to begin allowing European users to opt out of its behavioral advertising model.
The company released a blog post Tuesday announcing that it will begin offering users the right to consent to the advertising in response to “a number of evolving and emerging regulatory requirements in the region.” Behavioral advertising generally involves ads tailored by information collected from a user’s web browsing habits or app usage.
Meta’s post cited how the EU’s lead data protection regulator, the Irish Data Protection Commission (DPC), is now interpreting the General Data Protection Regulation (GDPR), the landmark EU privacy law.
“We have listened carefully to regulatory feedback from the Irish DPC, including how it is interpreting recent decisions by the European Court of Justice, in deciding to make this change,” the blog post said.
Meta’s announcement is widely seen as an attempt to blunt the impact of an inevitable near-term regulatory reality so that it can appear to be proactive while also giving itself the opportunity to help set the timeframe for the change.
The blog post claims that marketers will still be able to run “personalized” campaigns in Europe. It is unclear how Meta is differentiating those campaigns from the behavioral advertising it has long relied on to generate its extraordinary profits.
The new consent model will not be available to Americans or other Facebook users outside of the European Union, the European Economic Area, and Switzerland.
The Wall Street Journal, which broke the story, reported Tuesday that Meta has told regulators it would like to shift to a consent model by late October. However, the Journal also suggested that Meta has hinted at putting off the change until early next year so that it can more seamlessly integrate its new practices with a separate EU initiative, the Digital Markets Act, which will more strictly regulate how consumers’ data can be intermixed to enhance behavioral advertising.
Meta’s blog post is vague on implementation timing, only saying that it expects the change to take place in “the months ahead.”
DPC Deputy Commissioner Graham Doyle confirmed to Recorded Future News that the agency had "received correspondence from Meta in relation to this matter," but could not comment further.
The Meta announcement also comes amid increasingly aggressive regulation from EU member states. Last month Norwegian regulators temporarily banned Meta from running behavioral ads without user sign off.
Personalized vs. behavioral
As recently as January, Meta was resisting stricter regulation of behavioral advertising in Europe, saying in response to a DPC crackdown that it “strongly” believed its approach “respects GDPR, and we’re therefore disappointed by these decisions and intend to appeal both the substance of the rulings and the fines.”
The blog went on to assert that the company wanted to “reassure users and businesses that they can continue to benefit from personalized advertising across the EU through Meta’s platforms.”
Max Schrems, the privacy advocate who first filed the forced consent claim against Meta in 2018, released a statement on his organization’s website Tuesday questioning how sweeping the changes announced by Meta will really be.
“We will see if Meta is actually applying the consent requirement to all use of personal data for ads,” Schrems said. “So far they talk about ‘highly personalized’ or ‘behavioral’ ads and it’s unclear what this means. The GDPR covered all types of personalization, also on things like your age, which is not a ‘behavior’. We will obviously continue litigation if Meta will not apply the law fully.”
Schrems also criticized the DPC for taking five years to enforce the GDPR so that Meta “finally comes to the conclusion that it must ask people if it's allowed to spy on them for ads.”
Suzanne Smalley
is a reporter covering privacy, disinformation and cybersecurity policy for The Record. She was previously a cybersecurity reporter at CyberScoop and Reuters. Earlier in her career Suzanne covered the Boston Police Department for the Boston Globe and two presidential campaign cycles for Newsweek. She lives in Washington with her husband and three children.