• Home
  • Imprint
  • Privacy policy
  • Terms
  • Agile and lean law firm
  • Ideal partner
  • Contact
  • Videos
ITMediaLaw - Rechtsanwalt Marian Härtel
  • en English
  • de Deutsch
  • About lawyer Marian Härtel
    • About lawyer Marian Härtel
      • Ideal partner
      • About lawyer Marian Härtel
      • Video series – about me
      • Why a lawyer and business consultant?
      • Principles as a lawyer
      • Focus on start-ups
      • Nerd und Rechtsanwalt
      • Ideal partner
      • How can I help clients?
    • Über die Kanzlei
      • How clients benefit from my network of colleagues, partners and service providers
      • Quick and flexible access
      • Agile and lean law firm
      • Team: Saskia Härtel – WHO AM I?
      • Price overview
    • How can I help clients?
    • Sonstige Informationen
      • Einwilligungen widerrufen
      • Privatsphäre-Einstellungen ändern
      • Historie der Privatsphäre-Einstellungen
      • Privacy policy
    • Testimonials
    • Imprint
  • Leistungen
    • Focus areas of attorney Marian Härtel
      • Support with the foundation
      • Games law consulting
      • Advice in e-commerce
      • Support and advice of agencies
      • Legal advice in corporate law: from incorporation to structuring
      • Legal compliance and expert opinions
      • Streamers and influencers
      • Cryptocurrencies, Blockchain and Games
      • Outsourcing – for companies or law firms
    • Arbeitsschwerpunkte
      • Games and esports law
        • Esports. What is it?
      • Corporate law
      • IT/IP Law
      • Consulting for influencers and streamers
        • Influencer & Streamer
      • Contract review and preparation
      • DLT and Blockchain consulting
        • Blockchain Overview
      • Investment advice
      • AI and SaaS
  • Artikel/News
    • Langartikel / Guides
    • Law and computer games
    • Law and Esport
    • Law on the Internet
    • Blockchain and web law
    • Online retail
    • Data protection Law
    • Copyright
    • Competition law
    • Copyright
    • EU law
    • Law on the protection of minors
    • Labour law
    • Tax
    • Kanzlei News
    • Other
  • Videos/Podcasts
    • Videos
    • Podcast
      • ITMediaLaw Podcast
      • ITMediaLaw Kurz-Podcast
  • Knowledge base
  • Contact
Kurzberatung
  • About lawyer Marian Härtel
    • About lawyer Marian Härtel
      • Ideal partner
      • About lawyer Marian Härtel
      • Video series – about me
      • Why a lawyer and business consultant?
      • Principles as a lawyer
      • Focus on start-ups
      • Nerd und Rechtsanwalt
      • Ideal partner
      • How can I help clients?
    • Über die Kanzlei
      • How clients benefit from my network of colleagues, partners and service providers
      • Quick and flexible access
      • Agile and lean law firm
      • Team: Saskia Härtel – WHO AM I?
      • Price overview
    • How can I help clients?
    • Sonstige Informationen
      • Einwilligungen widerrufen
      • Privatsphäre-Einstellungen ändern
      • Historie der Privatsphäre-Einstellungen
      • Privacy policy
    • Testimonials
    • Imprint
  • Leistungen
    • Focus areas of attorney Marian Härtel
      • Support with the foundation
      • Games law consulting
      • Advice in e-commerce
      • Support and advice of agencies
      • Legal advice in corporate law: from incorporation to structuring
      • Legal compliance and expert opinions
      • Streamers and influencers
      • Cryptocurrencies, Blockchain and Games
      • Outsourcing – for companies or law firms
    • Arbeitsschwerpunkte
      • Games and esports law
        • Esports. What is it?
      • Corporate law
      • IT/IP Law
      • Consulting for influencers and streamers
        • Influencer & Streamer
      • Contract review and preparation
      • DLT and Blockchain consulting
        • Blockchain Overview
      • Investment advice
      • AI and SaaS
  • Artikel/News
    • Langartikel / Guides
    • Law and computer games
    • Law and Esport
    • Law on the Internet
    • Blockchain and web law
    • Online retail
    • Data protection Law
    • Copyright
    • Competition law
    • Copyright
    • EU law
    • Law on the protection of minors
    • Labour law
    • Tax
    • Kanzlei News
    • Other
  • Videos/Podcasts
    • Videos
    • Podcast
      • ITMediaLaw Podcast
      • ITMediaLaw Kurz-Podcast
  • Knowledge base
  • Contact
ITMediaLaw - Rechtsanwalt Marian Härtel
Home Data protection Law

Data protection: “Targeted advertising” through “legitimate interest” at the end? EDPB vs. meta

4. January 2023
in Data protection Law
Reading Time: 3 mins read
0 0
A A
0
privacy policy 3583612 1920 1
Key Facts
  • The Irish data protection authority has rejected the circumvention of the GDPR by Meta.
  • Meta must offer a yes/no option for personalized advertising in the future.
  • Six legal bases for data processing are set out in the GDPR.
  • The decision forces Meta to provide a version of the apps without personal data.
  • A 300 million euro fine was imposed on Meta.
  • Users can revoke their consent at any time without any restrictions in the service.
  • Legal service providers could potentially support claims for damages against Meta.

Just this morning I reported on the LG München decision on Focus.de, and another decision seems to have dealt the data protection death blow to obtaining permission from users of a platform/website for “targeted advertising” only via provisions in the terms and conditions and not through explicit consent.

As confirmed by the Irish Data Protection Authority, the European Data Protection Board (EDPB) has rejected the circumvention of the GDPR/GDPR by the Irish Data Protection Authority and Meta on the basis of complaints filed by the organization “noyb” against Facebook and Instagram. Meta, as the operator of Facebook, Instagram and Whatsapp, is now prohibited from circumventing the GDPR through a clause in its terms and conditions. Meta must obtain consent for personalized advertising and offer users a “yes/no” option.

The GDPR recognizes six legal bases for the processing of data. One of them is consent pursuant to Article 6(1)(a) DSGVO. The delimitation of the possibilities and when which possibility is permissible or how exactly these must be designed is not entirely clear and is always a cause for controversy. Since users are naturally reluctant to clearly and unambiguously consent to being recognized on a website for the purpose of advertising (and certainly not across different services), Meta attempted to circumvent the consent requirement for tracking and online advertising by arguing that ads were part of the “service” it contractually owed to users.

However, this so-called “contractual necessity” under Article 6(1)(b) is usually understood narrowly. An example would be the forwarding of address data to a postal service provider by an online store in order to be able to carry out an order that has been placed. Meta took the position that it could simply add whatever elements it wanted to the contract with the user (such as personalized advertising) to avoid a yes/no consent option for users.

Despite many attempts by the Irish data protection authority to allow this practice for Meta, the European Data Protection Board now also rejects this practice in the final decision.

The decision means that Meta must provide all users with a version of all apps that does not use personal data for advertising within three months. The ruling would still allow Meta to use non-personal data (such as the content of a story) to personalize ads or ask users to approve ads via a yes/no option. Users must be able to withdraw their consent at any time, and Meta must not restrict service if users so choose. While this would drastically limit Meta’s profits in the EU, it would not ban advertising entirely. Instead, the decision puts Meta on the same level as other websites or apps that must offer users a yes/no option. In addition, a 3-digit million fine was imposed on Meta. This is unlikely to do the already rapidly falling share price any good.

In addition to a number of other cases pending before the ECJ, the question of whether Meta users are now entitled to claims for damages against Meta because it unlawfully used personal data for 4.5 years is likely to be exciting. Another field for legal service providers?

The path taken by data protection authorities and privacy activists, as well as the courts, is therefore quite clear and marketers and service providers are strongly advised not to process and/or share users’ data with third parties without explicit consent, unless this is clearly and unambiguously for the performance of a contract, a legal obligation, to safeguard vital interests, or to serve a public interest. The “f” option in Article 6(1)(a) of the GDPR, “the legitimate interest of the controller or a third party” can quickly become a dangerously hot, and as you can now witness at Meta, expensive undertaking.

 

Tags: AdvertisingAGBDamagesData protection LawFacebookInstagramKIPersonal dataPrivacyWhatsapp

Beliebte Beträge

Data leak in startup practice: GDPR reporting and damage limitation

dsgvo
29. April 2025

Young start-ups and solopreneurs often focus on agile development and rapid growth - but a data leak can put an...

Read moreDetails

Data protection, anonymity and third-party chatter: GDPR risks and solutions for OnlyFans Creator

Data protection, anonymity and third-party chatter: GDPR risks and solutions for OnlyFans Creator
12. May 2025

OnlyFans has revolutionized the income opportunities for adult content creators - but with success comes legal challenges. In particular, data...

Read moreDetails

Data protection and anonymity for OnlyFans creators, agencies, brokers and chatter agencies

Data protection and anonymity for OnlyFans creators, agencies, brokers and chatter agencies
10. May 2025

OnlyFans and similar platforms for erotic content are booming - but as their popularity grows, so do the data protection...

Read moreDetails

Legally compliant archiving of emails: legal requirements and practical implementation

Legally compliant archiving of emails: legal requirements and practical implementation
14. March 2025

It is impossible to imagine modern corporate communication without e-mail. It is not only used for the rapid exchange of...

Read moreDetails

Risks when hosting personal data on US cloud servers

Risks when hosting personal data on US cloud servers
18. February 2025

Hosting personal data on cloud servers from US providers poses significant risks for European companies, particularly with regard to compliance...

Read moreDetails

SaaS contract for marketing tools

da785cff1bca5b6897d0d4cacf7359ff
15. November 2024

When I helped set up CPMStar, one of the first major gaming marketing agencies in Germany, a few years ago,...

Read moreDetails

BGH ruling on damages for data protection breaches

BGH: Women also gamble on first-person shooters
8. December 2024

The ruling by the German Federal Court of Justice (BGH) on November 18, 2024 has put an abrupt end to...

Read moreDetails

New cookie regulation: a step towards simplifying digital consent?

Esport: Sports Committee of the BT meets Wednesday
8. December 2024

On September 4, 2024, the Federal Government adopted the Consent Management Ordinance (EinwV). This new ordinance is based on Section...

Read moreDetails

Multi-tenant architectures in the SaaS sector: data separation and compliance requirements

6e405ef66c83bf9de2066fb73a1deafc
9. November 2024

Multi-tenant architectures are the backbone of modern SaaS solutions, as they enable efficient use of resources and scalability. However, they...

Read moreDetails
  • Home
  • Imprint
  • Privacy policy
  • Terms
  • Agile and lean law firm
  • Ideal partner
  • Contact
  • Videos
Marian Härtel, Rathenaustr. 58a, 14612 Falkensee, info@itmedialaw.com

Marian Härtel - Rechtsanwalt für IT-Recht, Medienrecht und Startups, mit einem Fokus auf innovative Geschäftsmodelle, Games, KI und Finanzierungsberatung.

Welcome Back!

Login to your account below

Forgotten Password? Sign Up

Create New Account!

Fill the forms below to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
  • Contact
  • Leistungen
    • Support with the foundation
    • Focus areas of attorney Marian Härtel
    • Consulting for influencers and streamers
    • Advice in e-commerce
    • DLT and Blockchain consulting
    • Games law consulting
    • Support and advice of agencies
    • Legal advice in corporate law: from incorporation to structuring
    • Cryptocurrencies, Blockchain and Games
    • Investment advice
    • Booking as speaker
    • Legal compliance and expert opinions
    • Legal advice in corporate law: from incorporation to structuring
    • Contract review and preparation
  • About lawyer Marian Härtel
    • About lawyer Marian Härtel
    • Agile and lean law firm
    • Focus on start-ups
    • Principles as a lawyer
    • The everyday life of an IT lawyer
    • How can I help clients?
    • Why a lawyer and business consultant?
    • Focus on start-ups
    • How can I help clients?
    • Team: Saskia Härtel – WHO AM I?
    • Testimonials
    • Imprint
  • Videos
    • Video series – about me
    • Information videos – about Marian Härtel
    • Videos on services
    • Blogpost – individual videos
    • Shorts
    • Third-party videos
    • Podcast format
    • Other videos
  • Knowledge base
  • Podcast
  • Blogposts
    • Lange Artikel / Ausführungen
    • Law on the Internet
    • Online retail
    • Law and computer games
    • Law and Esport
    • Blockchain and web law
    • Data protection Law
    • Labour law
    • EU law
    • Corporate
    • Competition law
    • Copyright
    • Tax
    • Internally
    • Other
  • en English
  • de Deutsch
Kostenlose Kurzberatung