https://tutanota.com/blog/posts/facebook-tracking-business-model-illegal-europe/ image/svg+xml image/svg+xml PRICING ABOUT WHY TUTANOTA FAQ JOBS BLOG LOGIN SIGN UP [woman-with-katana-stock] Breaking news Read our blog to learn why privacy matters. And don't forget to get an encrypted mailbox yourself! GET ENCRYPTED EMAIL Huge win for privacy: Facebook tracking is illegal in Europe! EU privacy regulators say Facebook and Instagram must not force users to agree to tracking by putting this requirement into their terms. This business model is illegal according to the GDPR. 2022-12-09 Facebook business model to force users to agree to tracking and then posting personalized ads is illegal in Europe. Meta's business model - to force users to agree to tracking via their terms - has been declared illegal in the EU. Facebook, Instagram and WhatsApp can no longer run personalized ads without **active** user consent. TL;DR: Meta's practice of requiring users to consent to tracking via their terms is not legal according to the GDPR. Facebook, Instagram and WhatsApp must offer a Yes & No option so that users can actively give consent - or refuse. This is a huge blow to Meta's business model of surveillance-based advertising. Decision of EU privacy regulators In a far-reaching decision on Monday, EU privacy regulators, said that Meta Platforms Inc. must not force users to agree to personalized ads based on their online activity. The ruling could enormously limit the data that Meta can use to sell targeted ads. Simply putting a paragraph into the terms of service - to which users have to agree - is not sufficient according to the General Data Protection Regulation (GDPR). Such terms are no justification to collect data and post targeted ads. Instead, Meta platforms Facebook, Instagram and WhatsApp must give users a clear Yes & No choice where they can actively agree to being tracked - or refuse. The tech giant's so-called forced consent to continue tracking and targeting users by processing their personal data to build profiles for behavioral advertising has been added to Meta's terms after the publication of the GDPR in 2018. Now it has been declared illegal by EU privacy watchdogs. EU decision makes requiring tracking via terms illegal. This decision followed complaints that were filed by European privacy NGO noyb as soon as the GDPR came into force in May 2018. It took the EU about 4.5 years to finally decide on the issue. The reason for this lengthy process is that the Irish Data Protection Commission (DPC) has originally declared that Meta's updated terms meet the requirements by the GDPR. Ireland is Meta's main privacy regulator in the bloc because that is where Meta's European headquarters is based. Meta explained that its updated terms rely on the GDPR concept of "contractual necessity". The GDPR mostly prohibits companies from forcing users to turn over personal information to use their services. The only exception is when that information is necessary to execute a contract: For instance, a car sharing app needs to know your location so that it can show cars near you. Meta relied on that contractual provision of the GDPR, to which the Irish privacy regulator initially agreed. But now, the EU privacy regulators are passing the decision back to the DPC saying that the "contractual necessity" is not met by apps like Facebook, Instagram and WhatsApp and that it is the DPC's obligation to enforce proper privacy rights for European citizens. The DPC now has one month to issue a final decision, along with significant fines. Impact The impact of the EU's decision that Facebook's current tracking practice is illegal is huge: It directly affects Facebook's business model. Right now, Facebook and Instagram profit a lot from the fact that people must give them their private data to use the service. In turn, Meta uses this data to create profiles and to post targeted ads, a gold mine for the Silicon Valley giant. However, the EU's decision will limit Facebook's access to this gold mine and, thus, directly impact revenue. A sign of how bad this decision is for Meta's profits is last year's decision by Apple. In 2021, Apple required iPhone app developers to ask users whether they want their usage to be tracked. And - unsurprisingly - lots of iPhone users declined being tracked and profiled. As a consequence Meta's revenue in 2021 was reduced by 8% just because iPhone users were not willing to share their private data with Facebook, Instagram and WhatsApp anymore. Reducing Facebook's tracking online hugely benefits the privacy of users and simultaneously harms Meta's revenue. People's data is worth much more to Big Tech than many think. EU limits Facebook tracking The latest EU decision is another sign of a growing interest of EU authorities to limit surveillance-based tracking. Finally, people and politicians are waking up to the dangers of behavioral advertising, and EU officials are starting to regulate it in a way to protect people's privacy. To companies such as Facebook, Google and Amazon, this business, however, is worth billions of dollars each year. Learn here how your are being profiled online and how you can stop it. Regardless, even California - where most Big Tech companies are located - has adopted great privacy laws that allow users to opt out of what it calls cross-contextual behavioral advertising. Maybe the reason for this legislation is that Californians know best how harmful tracking and behavioral advertising is as this business model originated there. Consequences for users The EU decision will not have direct consequences for users, unfortunately, as it can be appealed to. Such an appeal would lead to a lengthy judicial process. If upheld, though, this decision will make it much harder for Facebook and other platforms to show users ads based on what they click, like, share and watch within these platforms' own apps. While Meta is already allowing users to opt out of personalizing ads based on data from other websites and apps, it has never given any such option for ads based on data about user activity on its own platforms. For Facebook - and other Big Tech companies - limiting the access to user tracking would be a huge blow as building audiences for personalized ads make up the bulk of revenue for such companies. "This is not the final decision and it is too early to speculate," said a Meta spokesman to the Wall Street Journal, adding that EU law could allow for other legal justifications for targeting its ads. "We've engaged fully with the DPC on their inquiries and will continue to engage with them as they finalize their decision." Nevertheless, the GDPR allows for large fines for major violations -- up to 4% of global annual turnover. Growing privacy enforcements While the EU's GDPR started being enforceable already in May 2018, political enforcement has only started to ramp up in the last couple of months. By now, many Big Tech companies have been hit with hefty fines. The Irish DPC has fined Meta more than $900 million in four other cases in the last 15 months, and currently has 10 additional inquiries into the company. Meta's Irish subsidiary had allotted nearly 3 billion Euros for privacy fines in the EU last year - up by EUR1.97 billion from a year earlier, according to Irish corporate filings. Regardless, up to now it seems much more profitable for Silicone Valley giants to just pay the fines - instead of changing their business model. This means we must keep fighting to stop ad-based tracking. Start now by adding an adblocker to your browser! Author [hab-bw] Hanna makes Tutanota come to life. Her credo: Every one of us has the right to express any idea freely, or to keep it secret. Encryption is a great tool to achieve the latter. Top posts Why choose the Tutanota desktop clients? [desktop-client] Whitelabel your secure Tutanota mailbox for business use. [whitelabel-inbox] Global Encryption Day: Any backdoor would do more harm than good. [encryption-backdoor-security-risk] Which is the most secure email service? [tutanota-encrypted-contact] Green email is the future: Tutanota uses 100% renewable energy. [green_email] Email encryption: The ultimate guide to send an encrypted email in seconds. [email-encryption-guide] Latest posts Huge win for privacy: Facebook tracking is illegal in Europe! [social-media] Is Google Analytics illegal in the EU? Yes and no, but mostly yes. [max-schrems-noyb-privacy-shield] Anonymous email: Tutanota keeps your data secure and private. [privacy-win] Feature List: Development achievements of your secure email service Tutanota. [development-feature-list] LOAD COMMENTS image/svg+xml image/svg+xml Terminate subscription Company You & Us Jobs Terms Privacy Legal notice Development Roadmap Security & Encryption GitHub Features Secure Email Encrypted Calendar Secure Connect Business Support FAQ Forum Contact Press Language English Translate