The EU’s European Data Protection Board (EDPB) ruled on Monday that the social media giant Meta cannot require its users to agree to personalized ads based on their activity, sources familiar with the matter told the Wall Street Journal. (via Reuters)
The EDPB has asked the Irish Data Protection Commission to issue its final decision within a month, and Meta is also likely to face ‘’dissuasive fines’’, the sources said.
The Irish regulator has already fined the social media company over $900 million in the last 15 months, including a $402 million fine in September for mishandling children’s data, and a $277 million fine in October for failing to protect its users’ data.
“This is not the final decision and it is too early to speculate,’’ the company said in a statement. ‘’GDPR allows for a range of legal bases under which data can be processed, beyond consent or performance of a contract. Under the GDPR there is no hierarchy between these legal bases, and none should be considered better than any other. We’ve engaged fully with the DPC on their inquiries and will continue to engage with them as they finalise their decision.“
According to a recent report from Usercentrics, 90% of EU apps fail to comply with GDPR regulations, which require them to get user consent for tracking their data.