I wrote last week about Meta's planned switch to obtain "consent" from users in order to display targeted advertisements to them. It was unclear what timeframe would apply for Meta to implement the change, however one thing was certain: it would be a big task and Meta would need a number of months to implement the consent mechanism across Europe.
The Norwegian regulator, Datatilsynet has now stolen a march on Meta. They have announced that Meta will be fined 1 million crowns (USD98,500) a day over the "harvesting of user data in Norway, such as users' physical locations...to target advertising at them" in breach of data protection laws. According to Tobias Judin, Head of the International Section at Datatilsynet, Meta's announcement last week was not enough. Meta must address the legal bases on which it processes personal data for ad targeting purposes by 14 August or be hit with a daily fine in Norway.
If this wasn't bad enough, it could get even worse for Meta. The fine will run until 3 November and it could be made permanent if the Norwegian regulator were to refer the matter to the European Data Protection Board (EDPB) and the EDPB agreed with Datatilsynet's decision. This might result in the decision being applied across the whole of the European Union (!) and would have far more drastic and immediate consequences for Meta's revenue and ad serving capabilities than the orderly transition proposed by Meta.
Meta had to stop the processing of personal data immediately, and until that consent mechanism was up and running.
"According to Meta, this will take several months, at the very earliest, for them to implement ... And we don't know what the consent mechanism will look like," Judin said.
"And in the (meantime), peoples' rights are being violated, every single day."