Schrems wins another case over Meta
The European Union’s top court has imposed further restrictions on Meta’s core advertising business, emphasizing the principle of “data minimization” under the General Data Protection Regulation (GDPR). This ruling mandates that social networks like Facebook cannot indefinitely use all user data for ad targeting purposes.
Katharine Raabe-Stuppnig, representing complainant Max Schrems, highlighted that this decision significantly limits the portion of Meta’s data pool that can be used for advertising, even with user consent. The ruling extends to other online advertisers lacking robust data deletion practices.
Max Schrems, an Austrian lawyer and privacy activist, has been a persistent challenger of Facebook’s data practices. His previous legal actions have resulted in significant rulings, including the invalidation of data-sharing agreements between the EU and the U.S. due to concerns over U.S. intelligence accessing user data. A separate complaint from Schrems last year resulted in a €1.2 billion GDPR fine against Meta, putting the company at risk of being unable to transfer European users’ data to U.S. servers. Although a new EU-U.S. data-sharing agreement provided a temporary solution, the pressure on Meta continues to mount.
The recent ruling specifically addressed the use of sensitive data, such as information regarding a user’s sexuality. Schrems revealed that Facebook targeted him with ads based on his sexuality, despite him never disclosing this information on his profile. The GDPR classifies such personal data as sensitive, requiring stricter controls. The court clarified that even if a user makes their sexuality public, Meta cannot use data obtained from other sources, such as tracking online behavior, for targeted advertising.
Meta has responded to the ruling, emphasizing its commitment to privacy and its investment of over €5 billion to enhance data protection across its platforms. The company maintains that it does not use sensitive data categories, such as sexuality, for ad targeting and has measures in place to prevent advertisers from sharing sensitive information. As the legal landscape evolves, Meta will need to adapt its advertising strategies in compliance with GDPR requirements.
