Meta, the tech giant behind Facebook and Instagram, is embroiled in a major legal battle in Spain. The company is being sued for over €550 million by AMI, an association representing over 80 newspaper publishers, including big names like El País and La Vanguardia. The lawsuit claims Meta has systematically violated the EU’s General Data Protection Regulation (GDPR) by processing user data for ads without valid consent. This breach has allegedly given Meta an unfair competitive advantage in the advertising market.
The issue at hand is Meta’s long history of non-compliance with GDPR, particularly regarding user consent for data processing. European authorities have fined Meta €390 million in January, confirming that the company’s data handling practices were illegal. The fine has opened the door for additional lawsuits, like AMI’s, challenging Meta’s actions since GDPR took effect in May 2018.
Following the January fine, Meta has changed its legal basis for processing ads multiple times. Initially, it claimed ‘legitimate interests’ as the basis, which was later invalidated by the Court of Justice of the European Union (CJEU). In November, Meta began asking users to consent to data tracking, offering a choice between a paid, ad-free version of its products or agreeing to be tracked. However, this approach is already under fire, as it may violate GDPR’s requirement for consent to be ‘freely given.’
The lawsuit and Meta’s shifting strategies highlight the ongoing tension between privacy regulations and business models reliant on user data. While Meta attempts to navigate these legal challenges, the broader implications for privacy, consent, and competition in the digital space remain a hot topic. This case could signal a turning point for how tech companies operate within the EU’s stringent data protection framework.