top of page

The Meta Privacy story: Could you be next?

Updated: May 8, 2023

Accept or reject!

Taking the user's cookie consent with these two simple words cost Meta a hefty fine of $414 million. Hysterically terrible, right?

One thing is sure. Data privacy laws, especially GDPR, are in no mood to spare those collecting data without cookie consent and even forcing the user to provide it.

As good as marketers are with personalization, they need to learn how to do so better by taking the user's consent in a world awakening with privacy laws.

Meta privacy case is an example for marketers worldwide to acknowledge that people can't be treated as products. They are humans. Get their consent through cookie consent to use their data for personalized ads. And at the same time, find more creative ways to build long-term relationships and create a brand identity.

Before we understand further what future implications you can have on your business for non-compliance, whether you are a big or small business, let's study Meta's case and understand where exactly they went wrong.

The Meta Privacy case: A bitter lesson for other businesses

On May 25th, 2018, when the world's stringent data privacy law, the General data protection regulator, finally came into effect, two data subjects, an Austrian and a Belgian, took NYOB's help to file a case on Meta.

Noyb is an NGO based in Vienna, Austria, boasting itself as an entity with a mission to close the gap between privacy laws and not so "lawful" practices of the corporate world, especially the big-tech.

Then, another complaint was filed by a German on WhatsApp, which was, intentionally or unintentionally, delayed to mid-January, according to an email by the Irish data protection commission (DPC).

It turned into a long-term legal battle and rebuttal with no concrete results until a significant event in 2022.

In December 2022, EDPB overturned the previous draft judgment by the Irish DPC, who concurred that Meta's bypass of the GDPR was true and legal.

There had been reports from various sources that Meta conducted a highly "confidential" meeting with top authorities of the Irish DPC, which tried to cover Meta's not so "lawful" practice of personal data collection, ultimately endangering the lives of the EU citizens.

So, what exactly did Meta do? They tried to bypass the cookie consent law when GDPR was enacted.

How? Well, read further to find out.

Before GDPR, Facebook, now Meta, used to use cookie consent but didn't give its users the option to either accept or reject the use of cookies for personalized ads.

But on May 25th, 2018, at midnight, when GDPR was enacted, Meta slyly moved this cookie consent into its Terms and Conditions Policy.

They argued that personalized ads are part of the "Service" that it contractually owes to the users. But as per GDPR Article 6(1), this was a clear violation of cookie consent.

Max Schrems, the Austrian-born data privacy activist, lawyer, and renowned author, who is known for his campaigns against Facebook for its privacy violation and unethical transfer of personal data to the US national security agency, said

"Instead of having a 'yes/no' option for personalized ads, they just moved the consent clause in the terms and conditions. This is not just unfair but illegal. We are unaware of any other company that has tried to ignore the GDPR in such an arrogant way."

Meta, till now, has been fined with a collective penalty of more than $1 Billion by European and US authorities as well. According to Reuters, Meta plans to appeal the decision and the fines the commission imposed.

But one of the main concerns that should be addressed is the massive consequences this will have on Meta and its business and the advertising industry in general.

Consequences: No personalized ads mean fewer profits

More than 40% of Meta's revenues come from Advertising. This means that Meta sells Advert spaces to companies to put up ads and provides them with private data to leverage personalization.

Meta has been given three months to comply with the GDPR cookie consent laws, and meanwhile, they are allowed to run ads but without the usage of any personal data. They are also directed to use a cookie consent banner with an option of YES/NO, for the user to either accept or reject or withdraw any personal information that Meta could use for personalized ads.

European Union, home to roughly 450 million people, is one of the largest market for Meta. These 450 million people would decide whether they want Meta to use their personal information for targeted promotions such as–video or reels that induces people to take action on Instagram, even if irrelevant, links that people click when surfing through their Facebook feeds. When put together, all this helped Meta generate more than $118 Billion in revenue in 2021 alone. But the judgment by EDPB has got them by their gut.

The judgment by EDPB will cut Meta's overall advertising revenue by at least 5-7%. And given its decreasing brand value and reputational damage, it will be a big challenge for Meta to pick their pieces up. They already suffered a significant blow in 2021, when Apple made changes that enabled iPhone users to choose whether advertisers could track them. Meta said these changes by Apple would cost them at least $10 billion in revenue in 2022.

The Future of Business: Consent

All this drama boils down to one thing. Be empathetic and ask for the user's consent. Trying to be over-smart and putting users as fish bait to collect data for advertising will backfire.

Business mantra for 2023 and beyond:

  1. Respect your customer

  2. Be empathetic

  3. Be transparent

  4. Ask for consent

  5. Be loyal

GDPR is in no mood to spare anyone who breaches the privacy of its citizens. And as new privacy laws are coming worldwide, it will become worst for those who do not comply with them.

Marketers and advertisers need to work with the customers and not against them. Be creative and provide value through your content. This is the era of pull marketing, not push. Marketers need to understand the context of their consumers and be at the right place at the right time with the right product. That's it. I know. It's easier said than done, but this is the only way to drive profits in the long term.

A note for business owners:

Intelligent business owners always reduce their cost. Your business can't afford to pay a hefty fine of $414 million and suffer a reputational cost like Meta. Be wise enough to comply with data privacy laws before they crack down on your business. A small investment today will reap big profits for you and your business. This will create trust among your customers and a brand identity that you have always dreamt of.

Recent Posts

See All
bottom of page