A privacy and human rights advocate sued Meta Platforms in the United Kingdom, claiming the social media giant is refusing her request to stop being targeted with advertising based on her use of Facebook.

Tanya O’Carroll, a senior fellow at Foxglove Legal and a longtime privacy rights campaigner, asserted Meta is violating the U.K. General Data Protection Regulation (GDPR). If successful, the lawsuit could force Meta and other social media companies to change the way they issue targeted advertising to their users.

O’Carroll filed the lawsuit against Meta Platforms Ireland, the company’s EU headquarters, in the U.K. High Court of Justice. She said in the lawsuit she requested multiple times Meta stop sending targeted advertising to her using her personal data but that the company refused, in violation of the GDPR.

“We shouldn’t have to give up every detail of our personal lives just to connect with friends and family online,” said O’Carroll in a press release Monday from her legal representatives at AWO. “The law gives us the right to take back control over our personal data and stop Facebook surveilling and tracking us.”

Privacy advocates have been critical recently of the GDPR’s enforcement track record against Big Tech companies.

“Way too often, the GDPR puts its constraints on small entities but spares the big ones,” said European Data Protection Supervisor Wojciech Wiewiórowski during a speech at a conference in June. “In a way, instead of achieving level playing field, we observe how big companies, thanks to their resources, can benefit from the lack of strong enforcement and further expand their advantage over small competitors.”

The largest GDPR fine to date—746 million euros (U.S. $767 million) imposed against Amazon by the Luxembourg National Commission for Data Protection in July 2021—has not yet been finalized. Meta subsidiary Instagram is facing the second-largest fine: a €405 million (U.S. $417 million) penalty proposed by the Irish Data Protection Commission (DPC) in September.

Last year, the Irish DPC ordered WhatsApp, another subsidiary of Meta, to pay €225 million (then-U.S. $267 million) over claims the company’s data processing activities violated the GDPR. The regulator mandated WhatsApp take steps to remediate the issues, including revising its privacy policy and reminding users of their data subject rights under the GDPR.

WhatsApp appealed the decision.

Meta response: “We know that privacy is important to our users, and we take this seriously,” said a Meta spokesperson regarding the U.K. lawsuit in an emailed statement. “That’s why we build tools like privacy check-up and ads preferences, where we explain what data people have shared and show how they can exercise control over the type of ads they see.”

Aaron Nicodemus covers regulatory policy and compliance trends for Compliance Week. He previously worked as a reporter for Bloomberg Law and as business editor at the Telegram & Gazette in Worcester, Mass.View full Profile

More from Aaron Nicodemus

Topics