The European Supreme Court has ruled that Meta Platforms must limit the use of personal data obtained from Facebook to serve targeted ads, even if users consent to the use of their information for advertising purposes. The move could have serious implications for advertising companies. region
“A social internet network such as Facebook cannot use all personal data obtained for the purpose of targeted advertising without time limits and without distinction by type of data,” the Court of Justice of the European Union (CJEU) said. said in a ruling on Friday.
In other words, social networks such as Facebook cannot indefinitely use users’ personal data for ad targeting, the court said, limits must be set in accordance with the bloc’s General Data Protection Regulation (GDPR) data minimization requirements.
It should be noted that Article 5(1)(c) GDPR requires companies to limit processing to strictly necessary data, preventing collected personal data about an individual – whether collected on-platform or off-platform through third parties – from being combined , are analyzed and processed for targeted advertising without time limits.
The case was originally filed by privacy activist and noyb (None Of Your Business) co-founder Maximilian “Max” Schrems in 2014 over claims that the social media giant targeted him with personalized ads based on his sexual orientation.
“The fact that a person has made a statement about his sexual orientation during a public discussion does not entitle the operator of the online social network platform to process other data related to the sexual orientation of that person, possibly obtained outside of that platform using partner third-party websites and applications for the purpose of aggregating and analyzing this data in order to offer personalized advertising to that person,” the CJEU said.
In a statement, Noyb said it welcomed the ruling and that the result was along expected lines, saying the ruling also applies to any other online advertising company that does not have strict data removal practices.
“Meta and many players in the online advertising space simply ignored this rule and did not provide for any deletion periods or restrictions depending on the type of personal data,” notes the Austrian non-profit organization said.
“The application of the “principle of data minimization” radically limits the use of personal data for advertising. The principle of data minimization applies regardless of the legal basis used for processing, so even a user who consents to personalized advertising cannot have his personal data. is used endlessly.’
In a statement released by Reuters, Meta said it has made a monetary effort to “build privacy” into its products, noting that it “does not use special categories of data that users provide to personalize ads, while advertisers are prohibited from sharing sensitive data.”
This comes after Texas Attorney General Ken Paxton filed a lawsuit against ByteDance-owned TikTok for alleged violations of the US state’s children’s privacy laws, otherwise known as the Child Online Protection through Parental Empowerment (SCOPE) Act.
The lawsuit accused TikTok of not having adequate tools to allow parents and guardians to monitor the privacy and account settings of children between the ages of 13 and 17.
“For example, a parent or guardian has no ability to control (TikTok’s) sharing, disclosure, and sale of a known minor’s personally identifiable information, or (TikTok’s) ability to serve targeted advertising to a known minor,” the lawsuit states. .
“Texas law requires social media companies to take steps to protect children online and requires them to provide tools for parents to do the same,” Paxton said. said. “TikTok and other social media companies cannot ignore their responsibilities under Texas law.”
TikTok, which forbids targeted advertising to those under 18, said he strongly disagrees with the allegations and offers “robust safeguards for teenagers and parents, including family reunification, all of which are publicly available”.
