Meta is currently facing a significant legal challenge and damages claim in Spain. The claim contends that the tech giant’s failure to have a valid legal basis for processing people’s data for advertisements under the data protection rules of the European Union constitutes a competition breach, for which they should be compensated financially.
The Association of Newspaper Owners (AMI), which has more than 80 members, is bringing the lawsuit. These members include the publishers of newspapers such as El País, ABC, and La Vanguardia. In what they refer to as Meta’s “systematic and massive non-compliance” with the General Data Protection Regulation (GDPR) of the European Union, the defendants are seeking a sum of money that exceeds €550 million (about $600 million).
According to what they write in a press release that is written in Spanish and then translated into English using artificial intelligence, “Meta has repeatedly failed to comply with [EU] data protection legislation, ignoring the regulatory requirement that citizens must consent to the use of their data for advertising profiling.” The various resolutions that competent European authorities have passed demonstrate this.
They say, “The systematic and massive use of personal data of Meta platform users, tracked without their consent throughout their digital browsing, would have allowed the American company to offer the sale of advertising space on the market based on an unfairly obtained competitive advantage.” They also say that their lawsuit says that Meta’s entire regional revenue was obtained illegally.
Meta, the company that owns Facebook and Instagram, was given a punishment of 390 million euros in January. This was because EU data protection regulators ruled that the fulfillment of a contract was not a solid legal foundation for the company to monitor and profile users to target them with advertisements.
The General Data Protection Regulation (GDPR)’s final decision, which took years to make its way through the regulation’s dispute resolution and decision-making processes but is currently the subject of an appeal by Meta in the Irish courts, confirmed that the tech giant broke the law, which made it easier to file private privacy lawsuits like this one. As a result, you should anticipate seeing more outfits of this kind appear.
Meta’s ad processing has been the focus of AMI’s complaint since the General Data Protection Regulation (GDPR) went into effect in May 2018 and up to the end of July of the previous year. On the other hand, the complainants are not ruling out the prospect of extending the timeline of their lawsuit to take into account what they refer to as “Meta’s persistence in its non-compliance.”
The legal foundation that Meta claims to have for processing advertisements in the region has been changed twice since the penalty was imposed in January. Initially, it shifted to asserting a concept known as legitimate interests as its basis. However, the Court of Justice of the European Union (CJEU) rendered a decision in July 2022 rejecting that premise as well in response to a second competition and privacy challenge against Meta’s super profiling that Germany’s competition authority had already submitted to the highest court of the union.
The European Data Protection Board issued an “urgent binding decision” on October 27 that the AMI refers to in its challenge. In light of Meta’s continued processing of personal data without a valid legal basis in the months following the CJEU’s decision, Norway’s data protection authority requested this decision. The purpose of the challenge is to explain the potential additional timeframe.
In November, Meta decided to transform the legal foundation for its tracking ad business in the European Union to claim permission. On the other hand, the alternative it has developed for customers in regional areas requires them to choose between paying a monthly membership fee for an ad-free version of its goods or ‘consent’ to being monitored and profiled, even though the General Data Protection Regulation calls for consent to be “freely given” for it to be lawfully acquired.
The most recent attempt by Meta to circumvent the privacy regulations of the European Union to benefit its tracking advertising business is already being challenged. Privacy and consumer rights organizations contend that Meta’s choice of customers is both unlawful and unfair.
Although there is a notable irony in this situation, the usage of a so-called “cookie paywall” to collect consent to monitoring is a feature of the websites of several European newspapers. These websites require users to either pay a subscription fee to access the content or agree to be tracked in return for access that is not paid for.
As well as opposing Meta’s most recent “pay or okay” approach to permission, the privacy organization Noyb, which was the driving force behind the first complaint against Meta’s legal basis for monitoring that was filed in May 2018 under the General Data Protection Regulation (GDPR), has also been suing newspapers over cookie paywalls since 2021.
