Norwegian Court Rules Against Meta in Privacy Breach Case

A Norwegian court has ruled against Meta Platforms, the parent company of Facebook and Instagram, allowing the country's data regulator, Datatilsynet, to continue imposing a fine for breaches of user privacy. Meta had sought a temporary injunction to halt the fine, but the court's decision is considered a significant victory for user privacy.

Since August 14, Meta has been facing daily fines of one million crowns ($93,200) for its practices of harvesting user data and utilizing it for targeted advertising, a common business model among major tech companies known as behavioral advertising.

Datatilsynet celebrated the court's ruling as a significant win for privacy rights. The decision has the potential for broader implications across Europe, as Datatilsynet is considering referring the case to the European data regulator.

Should the European Data Protection Board align with Datatilsynet, the decision could extend the territorial reach of the ruling throughout Europe, potentially making the fine permanent. While Datatilsynet has not yet made a decision on the referral, the case underscores the growing concern over data privacy and its regulation, even in countries like Norway, which is not a European Union member but participates in the European single market.

Meta argued several points in its defense, including claims of disproportionate penalties, impracticality in compliance, and violations of other laws. However, the court rejected these arguments, upholding Datatilsynet's authority and the fine. Additionally, Meta was ordered to cover Datatilsynet's case costs.

Meta has not confirmed whether it plans to appeal the court's decision but expressed disappointment with the ruling. During a two-day court hearing in August, Meta stated that it had already committed to seeking user consent and accused Datatilsynet of using an "expedited process" that allowed insufficient time for the company to respond adequately.

In contrast, Datatilsynet contended that it remained unclear when and how Meta would request user consent, arguing that in the interim, user rights were being violated.

This case underscores the increasing importance of data privacy and the regulatory challenges faced by major tech companies, even in regions outside the European Union.