Menu
EN

Norway forces Meta to rethink online tracking in the EU: a deep dive

Key points:

  • Norway’s regulator temporarily bans behavioral advertising on Instagram and Facebook due to the lack of explicit user consent
  • Meta changes legal basis for processing personal data to ‘user consent’ in the EU
  • Stopping online tracking of users’ activity will be a costly and technically challenging task for Meta
  • If the pressure on Meta increases, it cannot be ruled out that it stops or limits its operations in the EU

What Happened

Meta, the owner of Facebook and Instagram, has landed in hot water in Norway. On July 17, the Norwegian Data Protection Authority ordered Meta to stop showing personalized ads to its users in in the country based on their online behavior. The authority alleged that Meta is breaking the law by surveilling and profiling its users without their explicit consent, and imposed a temporary three-month ban on behavioral advertising on both platforms. The country-specific ban will take effect on August 4 and will last until October. Meta could face a daily fine of $100,000 if it does not comply with the ban or change its data collection practices.

But what exactly is “behavioral advertising”? It is a type of advertising that uses your personal data to show you highly-relevant ads tailored to your interests and preferences. Meta collects this data by monitoring your online behavior, such as your web browsing activity, social media posts, search history, app usage data and location data. The catch is that all of this data is hoovered up without your explicit permission, which means you’re generally kept in the dark of how your personal data is collected and for what purpose.

Why Has Norway Targeted Meta Now?

To a non-inquisitive observer, the move by the Norwegian DPA to go after Meta’s long-running advertising practice might seem completely out of the blue. However, the timing is not random. The order came on the heels of a decision by the Court of Justice of the European Union on July 4, which stated that Meta cannot claim “legitimate interests” as a legal basis of processing data for personalized advertising.

This year alone Meta has changed the legal basis for processing user data in the EU several times. Up until April, Meta claimed “contractual necessity” as a legal basis for collecting user data. After the European Data Protection Board (EDPD) found that “advertising is not necessary for the performance of an alleged contract with Facebook and Instagram users,” Meta changed the legal basis to “legitimate interests.” But the July 4th ruling put a stop to that, too. Having run out of workaround options, on August 1, Meta changed the legal basis again, this time finally to “user consent.”

In theory, this means that Meta will have to ask users directly to consent to behavioral advertising before it collects their data for this purpose. The Wall Street Journal reported that Meta offered to regulators in the EU to limit behavioral ads strictly to users who opt-in.

However, there is still a lot of uncertainty around how exactly Meta will ask for consent, and whether there will be dark patterns in play. In short — it may be too early to celebrate.

Meta’s decision to change the legal basis for its data processing already sparked a reaction from Norway’s privacy watchdog, which sees it as a win for its campaign against online tracking. “While Meta states that this is a voluntary change on their end, that appears very unconvincing,” Tobias Judin, spokesperson for Norway’s privacy watchdog, told The Wired. He warned, however, that Meta might still try to trick users into giving their consent for such tracking.

The Potential Impact of the Norwegian Ban

The Norwegian DPA’s decision does not mean that Meta or Instagram are off-limits in Norway. It also does not mean that they can’t show personalized ads to their users. What it means is that Meta has to respect the users’ choices and preferences about how their data is used and shared. Meta can still target ads based on the information that users willingly and knowingly share, such as their bio details, including age, gender, location, or their interests. And if Meta can prove that it got valid consent from users to harvest their data for behavioral advertising, it can do that too.

The Norwegian regulator has indicated that it plans to raise the issue with the EDBP after the summer. The EDPB is a group of data protection authorities from all EU countries plus Norway, Liechtenstein, and Iceland. They, in turn, could decide whether to extend Meta’s behavioral advertising ban beyond Norway and for how long. If this happens, it could have a major impact on Meta’s business, which is largely dependent on advertising revenue.

Options for Meta: Adapting to the Ban

Meta certainly has the ability to adapt and stop location-based tracking, the catch is — it may cost Mark Zuckerberg’s company a dime. Alternatively, it can opt for a much cruder approach it is currently testing in the EU with its new app, Threads — which is to prevent Norwegians from using Facebook and Instragm at all, even over a VPN.

If Meta decides to adapt to the ban rather than give up on the Norwegian market, it will have several options. These are collecting behavioral data only from Norwegian users who opt in, stop collecting users’ behavioral data in Norway altogether, or stop showing ads to Norwegian users.

From a technical standpoint, the last option is the easiest one to implement. Stopping ads to people from a certain country is a relatively simple technical task that could be implemented very quickly. On the other hand, stopping collecting information that’s used for behavioral tracking is hard. This is because such functionality is a “native” part of Meta you cannot simply turn off. Every interaction inside users’ apps is tracked and analyzed to become a part of the profile. In other words, Meta has built its apps and websites in a way that they always collect your data, no matter what you do. Moreover, even if you don’t use Meta’s own apps, such as Facebook or Instagram, it can still collect your data from third-party mobile apps that embed Meta’s tools. About 40% of free apps on the Google Play Store share data with Meta through the Facebook Software Development Kit (SDK) that they use.

Taking all of this into account, we think that if Meta attempts to comply with the ban in earnest, probably the easiest way to do so will be for it to simply block most requests from Norway that are related to ads and tracking on their side. In practice, it means that if you use an app or a website which uses a Meta’s SDK, and you’re in Norway, Meta won’t receive or send any information from or to your device. It may result in some features of Meta’s apps and websites not working in Norway. For example, you may not see some recommendations or suggestions based on your online behavior.

If Meta goes this route, it will be doing something very similar to what ad blockers already do: preventing apps and websites from sending or receiving information related to ads or tracking to or from your device.

Why is Norway Leading the Charge on Data Privacy?

It’s not usually Norway that takes the lead on privacy in Europe — we’re more used to hearing France, Germany and Ireland, home of the lead privacy regulator for the EU, challenge Big Tech. However, this should not come as a shocker. Norway, which is not in the EU but is subject to the GDPR nonetheless, has emerged as a pro-privacy nation. The overwhelming majority of Norwegians seem to be aware of their privacy rights. As of June 2018, more than 82% of Norvegians had heard of GDPR, and more than half reported receiving emails asking for consent from parties they did not know had their address. According to the Norwegian DPA’s 2019/2020 privacy survey, 83% of Norwegians were very or somewhat concerned about privacy. Almost seven out of ten respondents said they feel they have little control over how personal information is stored and used online and six out of ten said they feel powerless when it comes to having control over their personal information online.

These strong privacy attitudes are reflected in our own data. According to our 2023 report on the state of ad tracking in the world, Northern Europe lives in an online environment that is significantly cleaner from ad tracking than the rest of the continent. Our data indicates that Norwegians encounter on average 20% fewer ad trackers than the average European. Technically, the reason for this is that local apps and websites are not too aggressive in tracking users — this is obvious when we compare top Norwegian news media sites like vg.no with other top media sites. For example, when we used AdGuard on vg.no, we found that it blocked only 5 ad requests, while on The Guardian the counter was higher than 20. Note, however, that the number of trackers blocked on the same websites may vary at any given time and also depends on your ad blocking app settings.

Looking Ahead

If we look at the bigger picture, the Norwegian regulator’s decision shows that the trend against behavioral tracking is gaining momentum, at least in Europe. Until now Meta, unlike some of its competitors, such as Google with its Privacy Sandbox, has shown itself to be more interested in fighting privacy laws rather than adapting to this trend. This could be the last straw that will prompt it to change in earnest.

However, if Meta does not revise its data collection policy in the foreseeable future, and not only on paper but in reality, it might as well just stop doing business in the EU at some point.

Liked this post?
18,384 18384 user reviews
Excellent!

AdGuard for Windows

AdGuard for Windows is more than an ad blocker. It is a multipurpose tool that blocks ads, controls access to dangerous sites, speeds up page loading, and protects children from inappropriate content.
By downloading the program you accept the terms of the License agreement
Read more
18,384 18384 user reviews
Excellent!

AdGuard for Mac

AdGuard for Mac is a unique ad blocker designed with macOS in mind. In addition to protecting you from annoying ads in browsers and apps, it shields you from tracking, phishing, and fraud.
By downloading the program you accept the terms of the License agreement
Read more
18,384 18384 user reviews
Excellent!

AdGuard for Android

AdGuard for Android is a perfect solution for Android devices. Unlike most other ad blockers, AdGuard doesn't require root access and provides a wide range of app management options.
By downloading the program you accept the terms of the License agreement
Read more
18,384 18384 user reviews
Excellent!

AdGuard for iOS

The best iOS ad blocker for iPhone and iPad. AdGuard eliminates all kinds of ads in Safari, protects your privacy, and speeds up page loading. AdGuard for iOS ad-blocking technology ensures the highest quality filtering and allows you to use multiple filters at the same time
By downloading the program you accept the terms of the License agreement
Read more
18,384 18384 user reviews
Excellent!

AdGuard VPN

74 locations worldwide

Access to any content

Strong encryption

No-logging policy

Fastest connection

24/7 support

Try for free
By downloading the program you accept the terms of the License agreement
Read more
18,384 18384 user reviews
Excellent!

AdGuard Content Blocker

AdGuard Content Blocker will eliminate all kinds of ads in mobile browsers that support content blocker technology — namely, Samsung Internet and Yandex.Browser. While being more limited than AdGuard for Android, it is free, easy to install and still provides high ad blocking quality.
By downloading the program you accept the terms of the License agreement
Read more
18,384 18384 user reviews
Excellent!

AdGuard Browser Extension

AdGuard is the fastest and most lightweight ad blocking extension that effectively blocks all types of ads on all web pages! Choose AdGuard for the browser you use and get ad-free, fast and safe browsing.
18,384 18384 user reviews
Excellent!

AdGuard Assistant

A companion browser extension for AdGuard desktop apps. It offers an in-browser access to such features as custom element blocking, allowlisting a website or sending a report.
18,384 18384 user reviews
Excellent!

AdGuard DNS

AdGuard DNS is a foolproof way to block Internet ads that does not require installing any applications. It is easy to use, absolutely free, easily set up on any device, and provides you with minimal necessary functions to block ads, counters, malicious websites, and adult content.
18,384 18384 user reviews
Excellent!

AdGuard Home

AdGuard Home is a network-wide software for blocking ads & tracking. After you set it up, it’ll cover ALL your home devices, and you don’t need any client-side software for that. With the rise of Internet-Of-Things and connected devices, it becomes more and more important to be able to control your whole network.
18,384 18384 user reviews
Excellent!

AdGuard Pro for iOS

AdGuard Pro has much to offer on top of the excellent iOS ad blocking in Safari already known to the users of the regular version. By providing access to custom DNS settings, the app allows you to block ads, protect your kids from adult content online, and safeguard your personal data from theft.
By downloading the program you accept the terms of the License agreement
Read more
18,384 18384 user reviews
Excellent!

AdGuard for Safari

Ad blocking extensions for Safari are having hard time since Apple started to force everyone to use the new SDK. AdGuard extension is supposed to bring back the high quality ad blocking back to Safari.
18,384 18384 user reviews
Excellent!

AdGuard Temp Mail

A free temporary email address generator that keeps you anonymous and protects your privacy. No spam in your main inbox!
18,384 18384 user reviews
Excellent!

AdGuard for Android TV

AdGuard for Android TV is the only app that blocks ads, guards your privacy, and acts as a firewall for your Smart TV. Get warnings about web threats, use secure DNS, and benefit from encrypted traffic. Relax and dive into your favorite shows with top-notch security and zero ads!
Downloading AdGuard To install AdGuard, click the file indicated by the arrow Select "Open" and click "OK", then wait for the file to be downloaded. In the opened window, drag the AdGuard icon to the "Applications" folder. Thank you for choosing AdGuard! Select "Open" and click "OK", then wait for the file to be downloaded. In the opened window, click "Install". Thank you for choosing AdGuard!
Install AdGuard on your mobile device