top of page

Privacy advocate sues Meta on alleged GDPR violations with regard to targeted ads

In the UK, a privacy and human rights activist filed a lawsuit against Meta Platforms, alleging that the social media giant is ignoring her request to cease receiving targeted advertisements based on her use of Facebook.

As a lifelong advocate for privacy rights and senior fellow at Foxglove Legal, Tanya O'Carroll said Meta is in violation of the U.K. General Data Protection Regulation (GDPR). If the case is successful, it might require Meta and other social media companies to alter the way they provide their users with customized advertising.

In the UK High Court of Justice, O'Carroll launched a complaint against Meta Platforms Ireland, the organization's EU headquarters. In the case, she claimed that despite her repeated requests, Meta continued to send her personalized advertisements in breach of the GDPR.

In a press release issued on Monday by her legal counsel at AWO, O'Carroll stated, "We shouldn’t have to give up every detail of our personal lives just to connect with friends and family online." The right to regain control over our personal data and to prevent Facebook from monitoring and tracking us is provided under the law.

Recent criticism of the GDPR's enforcement record against Big Tech corporations comes from privacy campaigners.

In a lecture at a conference in June, Wojciech Wiewiórowski, the European Data Protection Supervisor, remarked that "way too often, the GDPR puts its constraints on small entities but spares the big ones. In a way, instead of achieving level playing field, we observe how big companies, thanks to their resources, can benefit from the lack of strong enforcement and further expand their advantage over small competitors." 

The Luxembourg National Commission for Data Protection fined Amazon 746 million euros, or $767 million in U.S. dollars, in July 2021. This fine is the biggest GDPR penalty so far but it has not been finalized yet. The second-largest fine, €405 million (U.S. $417 million), was imposed to Meta subsidiary Instagram in September by the Irish Data Protection Commission (DPC).

In response to allegations that WhatsApp, another Meta subsidiary, had broken the GDPR through its data processing operations, the Irish DPC last year imposed a €225 million (then-U.S. $267 million) fine on the company. The regulator ordered WhatsApp to take action to address the problems, including updating its privacy statement and informing users of their GDPR-guaranteed rights as data subjects.

WhatsApp appealed the decision.

A Meta representative addressed the U.K. case in an email by saying, "We know that privacy is important to our users, and we take this seriously. That’s why we build tools like privacy check-up and ads preferences, where we explain what data people have shared and show how they can exercise control over the type of ads they see."



bottom of page