The Norwegian Consumer Council files legal complaint against Meta for numerous violations of the GDPR 

29. februar, 2024

Together with seven other consumer organizations across Europe, the Norwegian Consumer Council is filing a legal complaint against Meta for numerous breaches of the General Data Protection Regulation (GDPR). – Metas ongoing cat-and-mouse game with European authorities must come to an end, according to the Consumer Council. 

In the complaint, which has been sent to national data protection authorities, it is brought to light how the tech giant is breaching legal obligations about fair processing, purpose limitation, and data minimisation. Furthermore, users are not able to give a free and informed consent, due to Metas massive surveillance and opaque business model. 

— Meta has continuously attempted to obscure how it is violating its users fundamental right to privacy, most recently with it’s “pay or OK”-model. It is overdue that European authorities put an end to how the company is operating, says director of digital policy Finn Lützow-Holm Myrstad in the Norwegian Consumer Council. 

— Metas business model, which is based on comprehensive surveillance and profiling of its users, is a fundamental violation of European and Norwegian law. Unfortunately, the company seems to be unwilling to change its business model or otherwise adapt to the law. 

Meta owns many companies, including Facebook and Instagram, which both have more than 250 million European users. In 2018, the GDPR entered into force in the EU and in Norway. The regulation sets forth numerous obligations, including about what personal data can be processed and how the information can be used. 

Massive surveillance of its users

Metas massive surveillance and use of personal data has been in the spotlight for many years. The Irish Data Protection Commissioner and the European Court of Justice has deemed the company’s processing of personal data to be illegal. In other words, Meta has been operating in breach of European law for years. 

— The collection and compilation of information about us not only violates our right to privacy, but makes us vulnerable to manipulation, discrimination, and scams. This harm sus both as consumers, and as society as a whole, Myrstad says. 

— Meta is tracking us both across its own services and when we move across the web. Information about what we like, what we buy, our physical and mental health, sexual orientation, political views, and much more, is collected, compiled, and used to target advertising and other messages. 

Complaint against Metas «pay or OK»-model 

The Norwegian Consumer Council and numerous other European consumer organizations have already filed legal complaints against Metas “pay or OK”-model to the Consumer Protection Cooperation Network (CPC). These complaints addressed how the company forced users to choose between allowing the use of personal data for advertising, or to pay to not see ads on the platforms.  

The data protection authorities in Norway, the Netherlands, and Hamburg have subsequently asked the European Data Protection Board (EDPB) to issue an opinion. Such an opinion will be important to decide how the GDPR will be enforced across the EU and the EEA in the future. 

— Meta presents privacy as a right that we have to pay for. We expect that the authorities make a clear statement that fundamental rights are not for sale, or something that companies can freely choose whether to respect, Myrstad says.