Facebook-parent Meta illegally processed personal information of Dutch users for targeted advertising, according to a ruling by an Amsterdam court.
The ruling, which was issued last week, stated that Meta violated data protection laws between April 1, 2010 and January 1, 2020, by processing personal data of its Facebook users. The tech giant also shared this information with third parties without informing the users. Meta did not obtain users’ informed consent and hence violated the EU data protection rules, the ruling added.
“Personal information was processed for the purposes of advertising when in this case that is not allowed,” said the court. “Personal information was given to third parties without Facebook users being informed and without there being a legal basis to do so.”
The complaint noted that Meta not only processed personal data for targeted advertising, but shared private information such as religion and personal preferences with third parties. The said information was extracted by Facebook from the browsing history of users outside of Facebook. Meta passed to third parties the personal data of its users’ Facebook friends too, the court said in a press statement.
The class-action suit against Meta (Facebook Ireland) was filed in 2019 by the Data Privacy Foundation (DPS), which works for the victims of privacy violations in the Netherlands, along with Consumentenbond, a local consumer protection non-profit organisation. The suit represents more than 185,000 consumers, but they cannot yet claim the damages.
The ruling will, however, enable the group to negotiate a settlement with Meta. If the case progresses to a damages phase, any of the individuals, who used Facebook during the timeframe noted in the ruling, might have an opportunity to join the proceedings.
Meta was cleared of various other charges, including placing cookies on third party websites, however. The court also dismissed enrichment charges against Meta, citing insufficient evidence to prove that the company’s monetary gains from these actions caused direct harm to the users.
In response to the ruling, a Meta spokesperson said the company was “pleased” with parts of the court’s decision but that it would appeal the others, questioning the validity of some claims.
“We know that privacy is important to our Dutch users and we want them to have control over how their data is used,” said the spokesperson.
Meta has already been fined hundreds of millions of dollars by the Irish Data Protection Commission (DPC) for violating the EU’s data protection laws for targeted advertising across Europe.