Norway’s data protection authority, Datatilsynet, has announced that it will impose a daily fine of one million Norwegian crowns ($98,500) on Meta Platforms, the owner of Facebook and Instagram, starting from August 14 due to privacy breaches.
The decision comes after Datatilsynet warned on July 17 that the company would face penalties unless it addressed the identified privacy violations.
The regulator’s move targets Meta’s practice of harvesting user data in Norway, including physical locations, to enable targeted behavioural advertising, a common strategy among major tech companies. The fine is scheduled to remain in effect until November 3, pending any potential extension or permanence based on the decision of the European Data Protection Board.
Tobias Judin, head of Datatilsynet’s international section, emphasised the impending consequences, stating, “As of next Monday, a daily fine of 1 million crown will start to apply.” This enforcement reflects the authority’s determination to uphold data protection standards within the country and potentially across Europe.
Although Norway is not a member of the European Union, it operates within the European single market, which could lead to a broader impact if the case is referred to the European Data Protection Board. Datatilsynet has not yet taken this step.
In response to these regulatory challenges, Meta recently announced its intention to seek user consent within the European Union before facilitating businesses’ targeted advertising based on user activities on Facebook and Instagram. This adjustment aligns with a directive from Ireland’s Data Protection Commissioner issued in January, calling for a reevaluation of Meta’s legal basis for ad targeting in the region.
As the fine’s implementation date draws near, Meta Platforms will likely be under increased scrutiny not only in Norway but also from other European data protection authorities.