It’s been a busy start to 2023 with Elon Musk’s never-ending sh**show at Twitter continuing to dominate headlines, so you’d be forgiven if you missed a story about a regulatory ruling in Europe – but it’s a truly consequential development.
To understand what happened and why it matters so much, first, let’s take a step back. Five years back, to be exact. In 2018, the European Union (EU)’s landmark privacy law – the General Data Protection Regulation, or GDPR – officially came into force.
In theory, the GDPR placed game-changing new restrictions on companies’ ability to extract and monetize our personal data without express consent. In practice, though, the law’s enforcement had been infamously lackluster for the first few years of its existence. And in turn, Big Tech companies and the surveillance advertising industry writ-large basically continued their business as usual – invasively and to great societal detriment.
Thankfully, that’s finally starting to change. Over the last year or two, EU regulators have begun bringing a slew of cases against bad actors, and none more important than this one: on January 4, the Irish Data Protection Commission (DPC) – Meta’s primary European regulator, as their headquarters are in Dublin – ruled that Facebook and Instagram’s surveillance advertising business (read: its entire profit model) was operating unlawfully. In particular, they determined that the company could not simply force users to submit to terms of service that allow Meta to exploit their personal data for ad targeting.
The DPC slapped Meta with a roughly $400 million fine – but more importantly, they ruled the company had to bring its data processing operations into compliance within three months. Meta still plans to appeal this ruling, but even if they lose that appeal, it will still mandate they change their practices within the EU.
The ruling represents an unprecedented threat not only to Meta, but to the entire toxic business model of surveillance advertising. Every corporation that operates in Europe has been put on notice that the exploitative status quo in online advertising – in which companies can just demand we agree to their terms and then spy on us as we traverse the web to microtarget us with ads – is illegal under EU law. That’s a big deal, and an unmistakable indication of where we are headed as global momentum continues to build from policymakers and consumers alike.
Read the full statement on the ruling from our Executive Director, Nicole Gill
And while the US has lagged behind our European friends when it comes to holding Big Tech accountable, their surveillance advertising machine is finally facing the music at home, too. Just weeks after the EU’s high-stakes ruling against Meta, we applauded the US Department of Justice (DOJ) for filing a landmark antitrust lawsuit against Google’s monopolistic ad business. The DOJ’s complaint tracks closely with the arguments we made in our historic rulemaking petition urging the FTC to ban surveillance as an unfair method of competition.
This fight is far from over, but at long last, we are landing some serious blows. Onward!