Meta’s facing a new battle in Spain, with a coalition of Spanish media outlets seeking $US600 million in damages as part of an anti-competitive lawsuit against the company, alleging that Meta has repeatedly violated EU data protection rules in order to dominate the local ads market.
The group, representing 83 Spanish media outlets, claims that Meta has continued to gather user data without consent, in violation of the E.U. General Data Protection Regulation (GDPR), which went into effect in 2018.
Under the GDPR, all platforms that utilize personal data must gain explicit consent from users for such, but the group claims that Meta has failed to do so, in the E.U. nations, and everywhere else, which sees it both operating in violation of the laws, and maximizing its own market dominance through the same.
In order to comply with the GDPR, Meta has been working on varying interpretations of the legislation, particularly in relation to how users can signal consent.
Back in January, Meta outlined how it was working to adhere to GDPR mandates by re-framing the requirements of its apps.
As per Meta:
“Facebook and Instagram are inherently personalized, and we believe that providing each user with their own unique experience – including the ads they see – is a necessary and essential part of that service. To date, we have relied on a legal basis called ‘Contractual Necessity’ to show people behavioral advertisements based on their activities on our platforms, subject to their safety and privacy settings. It would be highly unusual for a social media service not to be tailored to the individual user.”
This specific approach seems to be the core of this new push, with Meta recently conceding that it will have to update the legal basis that it uses to process “certain data for behavioral advertising”.
“This change is to address a number of evolving and emerging regulatory requirements in the region, notably how our lead data protection regulator in the EU, the Irish Data Protection Commission (DPC), is now interpreting GDPR in light of recent legal rulings, as well as anticipating the entry into force of the Digital Markets Act (DMA).”
It seems that this element of interpretation has led to a new push from the Spanish media coalition, which it claims could be applied in every other region where Meta operates as well.
Meta has yet to comment on the new filing.
Evolving E.U. data regulations have caused major headaches for all website operators, implementing new requirements to adhere to its rules around user consent and data permissions. Within that, various major companies have also tried to find loopholes in the system that will enable them to continue offering their services as they always have, without impacting their processes.
Meta’s latest trick on this front is its new ad-free subscription package for E.U. users, which essentially enables Meta to maintain its primary ad-serving business model, while also giving users an opt-out if they pay up. Meta doesn’t actually want users to pay for an ad-free version, but simply providing the option is enough, in some legal interpretations at least, to meet these new requirements.
Though that’s also being challenged, with a privacy group filing a complaint with the Austrian Data Protection Authority claiming that this approach, which essentially forces users to pay to maintain data privacy, is also in breach of GDPR rules.
There’s a lot of legal complexity here, far more than anyone who’s not studying each element will be able to fully comprehend, but it seems that the full implications of each element of Europe’s privacy laws are still not entirely ironed out, or clarified for all parties.
This new push will lead to further clarification, though the challenges will likely keep coming, keeping Meta’s E.U. legal team in courts for some time yet.
