Meta fined $98,500 daily over user privacy breach in Norway

Norway’s data protection authority has fined Facebook owner Meta Platforms 1 million krones ($98,500) per day over privacy breaches from 14 August. The regulator, Datatilsynet, has stated that Meta cannot harvest user data in Norway, such as users’ physical locations, and use it to target them using ‘behavioural advertising’, which is commonly used by big tech companies.

Meta had a deadline of 4 August to demonstrate to the regulator that they had taken care of the issue, but the company failed to do so. Consequently, the provisional order has been issued, and the fine will last until 3 November 2023. If Meta does not address the issue, the fine could become permanent.

Meta said it intends to ask users in the EU for their consent before allowing businesses to target priadvertising based on what they view on its services, such as Facebook and Instagram. However, Tobias Judin, the head of Datatilsynet’s international section, said that Meta must stop processing personal data immediately. Adding that the implementation of the consent mechanism will take several months at the very earliest, people’s rights cannot continue to be violated every single day.

Previously, the Irish Data Protection Commission issued a decision that found Meta conducted illegal behavioural advertising, which was supported by all data protection authorities across the European Economic Area (EEA). Meta has made some changes since then, but a fresh decision from the Court of Justice of the European Union stated that Meta’s behavioural advertising still does not comply with the law. Thus, the Norwegian Data Protection Authority is now taking action.

Why does it matter?

Although Norway is not part of the EU, it is part of the European single market, and as a result, Datatilsynet’s stand may have broader implications throughout Europe.