Meta's Targeted Ad Model Could Face EU Restrictions

Facebook and Instagram shouldn't be able to target users with ads based on their online activity when using the apps, EU privacy regulators reportedly say.

Attila Tomaschek
Attila is a Staff Writer for CNET, covering software, apps and services with a focus on virtual private networks. He is an advocate for digital privacy and has been quoted in online publications like Computer Weekly, The Guardian, BBC News, HuffPost, Wired and TechRepublic. When not tapping away on his laptop, Attila enjoys spending time with his family, reading and collecting guitars.
Expertise Attila has nearly a decade's worth of experience with VPNs and has been covering them for CNET since 2021. As CNET's VPN expert, Attila rigorously tests VPNs and offers readers advice on how they can use the technology to protect their privacy online.
Attila Tomaschek
2 min read
Meta logo on a phone

Meta's advertising machine could take a hit if the ruling is upheld.

James Martin/CNET

Meta-owned platforms Facebook and Instagram shouldn't be able to hide behind terms of service in requiring users to agree to targeted ads based on their activity within those apps, privacy regulators in the European Union reportedly ruled on Monday.

The apparent ruling, by a board representing all EU privacy regulators, hasn't been disclosed publicly. But The Wall Street Journal reported that it calls on Ireland's Data Protection Commission, which regulates Meta in the EU, to issue public orders reflecting its decision and to levy fines. The Journal cited unnamed people familiar with the regulators' decision.

Though Meta lets users opt out of targeted ads based on data from other apps and websites, they don't have that option when it comes to ads based on their activity within Meta's apps, such as what videos they watch or items they tap, the Journal said. If upheld, the ruling could prompt Meta to offer such an opt-out, the Journal reported, though it's unclear what steps Meta would take. 

Meta can appeal the ruling, but if upheld, the decision could deal a significant blow to the tech giant's lucrative advertising business, according to the Journal. With less data to rely on for advertising, personalized ads across Facebook and Instagram would be far less effective, and Meta relies on such ads for much of its revenue, the Journal said.

"This is not the final decision and it is too early to speculate," Meta told CNET in an email. A company spokesperson said the EU's existing and overarching General Data Protection Regulation "allows for a range of legal bases under which data can be processed, beyond consent or performance of a contract."

Meta is cooperating with Ireland's Data Protection Commission on its inquiries, the spokesperson said. The final decision will come from that agency and is expected in January, the company told CNET.  Ireland's Data Protection Commission didn't respond to CNET's request for comment.

This isn't the first time Meta has faced scrutiny from privacy regulators in Europe. The company was fined $275 million in November after data scraped from Facebook was found on the internet, and it was fined $400 million in September for failing to protect children's privacy on Instagram.