FOR EDUCATIONAL AND KNOWLEDGE SHARING PURPOSES ONLY. NOT-FOR-PROFIT. SEE COPYRIGHT DISCLAIMER.

How Meta is breaching consumers’ fundamental rights

Published on 29.02.2024

About this publication

After analysing Meta’s practices, BEUC and its members have found that Meta processes personal data in a way that is  fundamentally incompatible with European data protection law, as it

  1. breaches the data protection principles of the GDPR, such as the principles of purpose limitation, data minimisation, fair processing and transparency;
  2. has no valid legal basis under the GDPR for its data processing.

This comes on top of the breaches of European consumer law, where BEUC and members already filed a complaint in  November 2023.

Download:

29.02.2024 – PDF Document – 513.95 KB
Available in English

LEARN MORE

European Regulators Accuse Meta Of ‘Massive, Illegal’ Privacy ‘Smokescreen’ A monthly privacy fee “does not actually give consumers a free choice,” the European Consumer Organisation says. – Huffington Post

Meta accused of ‘massive, illegal’ data processing by European consumer groups – CNN

LondonCNN — European consumer rights groups have accused Meta, the owner of Facebook and Instagram, of carrying out a “massive” and “illegal” operation of collecting data from hundreds of millions of users in the region.

The European Consumer Organisation (BEUC), an umbrella body for 45 consumer groups, said eight of the groups were filing complaints with their respective national data protection authorities Thursday.

The groups claim that Meta (META) collects an unnecessary amount of information on its users — such as data used to infer their sexual orientation, emotional state or even their susceptibility to addiction — which they are unable to freely consent to.

The company’s practices, the groups argue, breach parts of the European Union’s signature data privacy law, the General Data Protection Regulation or GDPR.

“With its illegal practices, Meta fuels the surveillance-based ads system which tracks consumers online and gathers vast amounts of personal data for the purpose of showing them adverts,” the BEUC said in a statement.

Meta disputes the allegations.

“We take our regulatory obligations extremely seriously, and are confident that our approach complies with the GDPR,” a company spokesperson said in a statement.

“Since 2019, we’ve overhauled privacy at Meta. We’re held accountable for protecting people’s privacy by regulators, policymakers and experts. We work with them to ensure that what we build follows best practices and meets high standards for data protection,” the spokesperson added.

Thursday’s complaints will potentially expose the company — for years the subject of intense regulatory scrutiny in Europe — to yet more legal action.

Last May, EU regulators fined the tech giant a record-breaking €1.2 billion ($1.3 billion) for violating GDPR rules by transferring the personal data of Facebook users to servers in the United States.

According to the European Data Protection Board, the fine is still the biggest-ever levied under the law, which has applied in the EU since 2018.

“We are gravely concerned about Meta’s practices,” a spokesperson for the Norwegian Data Protection Authority told CNN Thursday.

“Data protection is a human right for all, not a premium feature reserved for the wealthy. Our hope is that the complaints can spark more regulatory scrutiny on the European level,” the spokesperson said, adding that Norway would pass the complaint to Irish authorities, the lead regulators for Meta in Europe.

Graham Doyle, deputy commissioner at Ireland’s Data Protection Commission, told CNN the authority had not yet received any of the complaints from its counterparts.

“We would expect these complaints to go through an initial complaint examination at the respective (data protection authorities) before being forwarded to the DPC for review,” he said.

In October, EU regulators forced Meta to start asking for explicit consent from its users to process their personal information for the purpose of delivering them targeted advertisements.

Several days later, Meta launched a subscription service allowing its European users to pay up to €12.99 ($14) a month to use ad-free versions of Facebook and Instagram. From Friday, it also plans to introduce additional monthly charges for each new account a user sets up as part of that offering.

Meta has said the service is part of its efforts to comply with the GDPR.

“‘Subscription for no ads’ addresses the latest regulatory developments, guidance and judgments shared by leading European regulators and the courts over recent years,” the company said in a blog post in October.

But the BEUC argued Thursday that Meta’s subscription service offers users “an unfair and misleading choice” as its data processing isn’t transparent, meaning users cannot know how subscribing would change the way their information is processed. Moreover, Meta’s market dominance means that users cannot easily leave its platforms without cutting themselves off from their family and friends.

The organization filed a complaint with European consumer protection authorities in November, arguing that this “pay-or-consent” approach was an example of an unfair and “aggressive” commercial practice prohibited under EU law.

“Meta’s offer to consumers is smoke and mirrors to cover up what is, at its core — the same old hoovering up of all kinds of sensitive information about people’s lives, which it then monetizes through its invasive advertising model,” Ursula Pachl, deputy director general of the BEUC, said in a statement Thursday.

FOR EDUCATIONAL AND KNOWLEDGE SHARING PURPOSES ONLY. NOT-FOR-PROFIT. SEE COPYRIGHT DISCLAIMER.