Meta says it'll ask Euro peeps nicely before hitting them with personalized ads

Meta, after fighting European GDPR-related lawsuits for years, has said it will seek explicit consent from EU users before using their data to serve up highly targeted ads.

So-called behavioral advertising has repeatedly landed the Facebook and Oculus giant in hot water with privacy watchdogs in Europe. While the Instagram parent continues to argue that these types of ads — and the way the platform processes people's data for generating advertising personalized to their interests and background — is legal under GDPR, on Tuesday Meta said it will adjust this practice.

"Today, we are announcing our intention to change the legal basis that we use to process certain data for behavioral advertising … from 'Legitimate Interests' to 'Consent,'" the American tech giant said in an August 1 missive. 

The change will only apply to users in European Union (EU) and European Economic Area (EEA) countries, plus Switzerland. And it's unclear exactly when it will take effect, or what the practical effects for users will be. Meta declined to share a copy of the proposal with The Register.

"There is no immediate impact to our services in the region," the biz added, and has promised to provide more details in late September. 

The Wall Street Journal reckoned Meta could update its systems to seek consent for behavioral ads by the end of October.

"Once this change is in place, advertisers will still be able to run personalised advertising campaigns to reach potential customers and grow their businesses," the Facebook titan continued. "We have factored this change into our business outlook and related public disclosures made to date."

Meta attributed the change to "a number of evolving and emerging regulator requirements" in Europe, including the Digital Markets Act (DMA), as well as feedback from watchdogs including the notoriously tough Irish Data Protection Commission (DPC). 

Ireland's info regulator has previously punished the social media goliath for tracking users for advertising purposes. And just last month, Norway banned Meta's behavioral ads, and threatened to fine Mark Zuckerberg's biz one million Kroner ($100,000) per day if it doesn't comply, even though that adds up to pocket change for the Meta megacorp.

In April, after pressure from the Irish DPC, Meta made some changes to the way it tracks users to show them targeted advertisements. This change, which only applied to EU citizens, allowed folks to request an opt-out form for some ads.

But this didn't make it easy enough for netizens to opt out it seems, and in July the Court of Justice of the European Union (CJEU) ruled [PDF] that Meta's efforts didn't meet GDPR's legal requirements.

According to EU data privacy advocates None Of Your Business (NOYB), which has sued the social media firm and accused it of not complying with GDPR, Meta now will have to ask for a simple "yes" or "no" consent before using their personal data to pick ads targeted specifically for them.

"After more than five years of litigation, Meta finally comes to the conclusion that it must ask people if it's allowed to spy on them for ads," NOYB's Max Schrems said in a statement. 

• That Meta GDPR fine is €1.2B. Plus biz must stop sending EU data to US
• Ireland fines Meta $414m for using personal data without asking
• Long data privacy notices aren't foolproof, Euro watchdog tells Meta
• UK's proposed alt.GDPR will turn Britain into a 'test lab' for data harvesting

However, Schrems noted that Meta's lack of specifics — and only seeking consent for "certain data for behavioral advertising" — may be problematic because Meta may not consider things like a user's age or location to be a data point for targeted advertising.

"The GDPR covered all types of personalization, also on things like your age, which is not a 'behavior,'" Schrems said. "We will obviously continue litigation if Meta will not apply the law fully."

UK regulators are also keeping their eyes on Meta's plans to seek user consent. In a statement about the proposal, the Information Commissioner's Office (ICO) said it was paying "close attention" to the corporation's changes, while working on its own plans for the citizens of Brexit Island.

"We're aware of Meta's plans to seek consent from users for behavioural advertising in the EU, to the exclusion of the UK,"  Stephen Almond, the ICO executive director of regulatory risk, said in a statement. "We are assessing what this means for information rights of people in the UK and considering an appropriate response." ®