The Norwegian Data Protection Authority (DPA) is set to impose a temporary ban on Meta carrying out behavioral advertising on Facebook and Instagram using the personal information of users in the country.
The ban will take effect Aug. 4 and initially run for three months if Meta cannot prove compliance with the relevant requirements of the General Data Protection Regulation (GDPR), the DPA announced Monday. The regulator threatened the company with fines of up to 1 million Norwegian kroner (U.S. $100,000) per day should it not comply with the decision.
The decision does not ban Facebook or Instagram in the country; its purpose is to “ensure that people in Norway can use these services in a secure way and that their rights are safeguarded,” explained Tobias Judin, head of the Norwegian DPA’s international department, in the regulator’s release. Users that have consented to receiving behavioral advertising will still be served as such.
The genesis of the Norwegian DPA’s decision was the fine of 390 million euros (then-U.S. $414 million) levied against Meta by the Irish Data Protection Commission for breaching the GDPR by allegedly forcing users to agree their personal data could be used for targeted advertising to access Facebook and Instagram. The penalty, announced in January, was the culmination of a cross-border case that received input from other DPAs across the European Union.
When the Court of Justice of the European Union ruled earlier this month Meta’s behavioral advertising practices were still not GDPR compliant, the Norwegian DPA said it decided to intervene.
The regulator’s ban is allowed for three months, after which the European Data Protection Board must decide if it can be extended further. The Norwegian DPA said Meta disagreed with its decision and has the right to appeal.
Meta did not respond to a request for comment.