News
NEW
European Data Protection Authorities push for stringent regulations on ad tech sector
European Data Protection Authorities push for stringent regulations on ad tech sector

Published November 24, 2023
by Jivika Lillaney

min read

Summary

    The recent binding decision by the European Data Protection Board (EDPB) regarding Meta's personalized advertising practices may have broader implications for advertising technology companies and ad-based business models in the European Union (EU). This decision responds to Meta's violations of the EU General Data Protection Regulation (GDPR). 

    While Meta has proposed a move to an ad-free subscription model for Facebook and Instagram users in the EU to address these violations this month, EU data protection authorities are signaling deeper scrutiny of the entire advertising technology industry. Regulators from Belgium, France, and Germany have indicated at the IAPP Europe Data Protection Congress that significant changes in ad tech privacy regulations are on the horizon. 

    "What happens to the data which has already been collected in the past? Will it still be used for profiling? Those are questions I think we have to pay attention to"

    -Hielke Hijmans, President, Belgium Data Protection Authority Litigation Chamber (Source: IAPP)

    Personalized advertising, which relies heavily on profiling behavioral data, may face challenges in meeting GDPR standards related to legal basis, legitimate interest, and consent.

    Meike Kamp, Berlin Commissioner for Data Protection and Freedom of Information, referenced previous decisions against Meta, where the performance of a contract for personalized advertising did not meet GDPR standards, and the Court of Justice of the European Union ruled that Meta could not justify data processing for personalized advertising without the data subject's consent.

    The future of behavioral advertising in the EU may hinge on the ongoing EDPB review of Meta's "pay or OK" consent-based subscription model. While some authorities, like Norway's Datatilsynet, have deemed the subscription model noncompliant, the EDPB's final decision is pending. Concerns have been raised about the subscription model's affordability for users, especially teenagers, and questions about using previously collected data for profiling.

    It's important to note that the subscription model focuses on data collection rather than advertising in general. Kamp emphasized that "business as usual" might not be possible under GDPR requirements, irrespective of user payments or consent. 

    What are your thoughts regarding payment models? Join the conversation in our Yes We Trust community, a free discussion group for data privacy professionals and enthusiasts, on LinkedIn:

    Go to the Yes We Trust community

    Related Articles
    Our freshest data privacy content for you
    • News

    Norway pushes for broader EU ban on Meta's non-consensual tracking ads │Yes We Trust

    October 11, 2023 by Jivika Lillaney

    Norway pushes for broader EU ban on Meta's non-consensual tracking ads

    Read Article

    • News

    ChatGPT: European data regulators are setting up a working group | Yes We Trust

    April 25, 2023 by Melissa Walehiane

    ChatGPT: European data regulators are setting up a working group

    Read Article

    • News

    NOYB challenges Meta with GDPR complaint over controversial subscription model │ Yes We Trust

    November 29, 2023 by Jivika Lillaney

    NOYB challenges Meta with GDPR complaint over controversial subscription model

    Read Article

    • News

    Google's Bard is now available - unless you're in the EU or Canada | Yes We Trust

    May 16, 2023 by Yes We Trust

    Read Article

    • News

    Meta to launch ad-free subscription plans in Europe | Yes We Trust

    November 2, 2023 by Jivika Lillaney

    Meta to launch ad-free subscription plans in Europe

    Read Article

    • News

    Brazil and Nigeria are now part of the Global Privacy Assembly | Yes We Trust

    October 27, 2023 by Jivika Lillaney

    Brazil and Nigeria are now part of the Global Privacy Assembly

    Read Article