Topics
late
AI
Amazon
Image Credits:David Paul Morris/Bloomberg / Getty Images
Apps
Biotech & Health
Climate
Image Credits:David Paul Morris/Bloomberg / Getty Images
Cloud Computing
DoC
Crypto
go-ahead
EVs
Fintech
fund raise
convenience
stake
Government & Policy
computer hardware
layoff
Media & Entertainment
Meta
Microsoft
privateness
Robotics
certificate
Social
Space
Startups
TikTok
Transportation
Venture
More from TechCrunch
Events
Startup Battlefield
StrictlyVC
Podcasts
picture
Partner Content
TechCrunch Brand Studio
Crunchboard
Contact Us
The European Union ’s top court has sided with a privacy challenge to Meta ’s data retention policies . It ruled on Friday that societal networks , such as Facebook , can not keep using citizenry ’s information for ad direct indefinitely .
The judgement could have major implications on the way Meta and other ad - funded societal networks operate in the region .
limit on how long personal data can be proceed must be apply in social club to abide by with information minimization principles contained in the axis ’s General Data Protection Regulation ( GDPR ) . Breaches of the government can direct to amercement of up to 4 % of global annual turnover — which , in Meta ’s fount , could put it on the claw for billions more in penalties ( NB : it is already at thetop of the leaderboard of Big Tech GDPR breachers ) .
Contacted for a response , Meta spokesman Matt Pollard said the company is expect to see the full judgment .
“ We await the publication of the Court ’s judgment and will have more to share in due course , ” he told TechCrunch via e-mail . “ Meta takes seclusion very seriously and has invested over five billion Euros to engraft privacy at the heart of all of our products . Everyone using Facebook has access to a wide chain of mountains of setting and tools that allow people to manage how we practice their information . ”
The adtech giant makes money by tracking and profiling users of its social mesh , both on its own services and also around the web , through a connection of tracking technologies including cooky , pixels and social plug - inch , in purchase order to trade micro - targeted advertising service of process . So any point of accumulation on its ability to incessantly profile web users in a major area for its business could hit its tax revenue .
Join us at TechCrunch Sessions: AI
Exhibit at TechCrunch Sessions: AI
Last year , Meta suggested that around 10 % of its global ad revenue is generated in the EU .
Another Schrems vs. Facebook success
The CJEU ruling follows a referral from a court in Austria where European secrecy nominee , Max Schrems , had filed a challenge to Facebook ’s data collection and effectual basis for advertising , among other issues .
Commenting on the profits in astatementpublished by Schrems ’ secrecy right non - profitnoyb , his lawyer , Katharina Raabe - Stuppnig , wrote : “ We are very pleased by the ruling , even though this resultant role was very much await . ”
Summarizing this component part of the judgement in a press freeing , the CJEU write : “ An online societal connection such as Facebook can not use all of the personal data obtained for the determination of targeted advertising , without confinement as to time and without eminence as to type of data point . ”
Back in 2022 , aninternal memoranda write by Meta engineerswhich was obtain byVice ’s Motherboardlikened its data collection practices to tip bottles of ink into a Brobdingnagian lake and suggested the troupe ’s aggregation of personal data lacked mastery and did not bring itself to being able to silo different case of data or apply datum retention boundary .
Although Meta claim at the time that the document “ does not describe our extensive mental process and controls to comply with privateness regulations . ”
How incisively the adtech hulk will need to amend its datum retention exercise following the CJEU opinion stay to be ascertain . But the practice of law is vindicated that it must have limits . “ [ advertizement ] company must develop data management protocols to step by step delete unnecessary data or block using them , ” noyb propose .
No further use of sensitive data
The CJEU has also weighed in on a 2d question referred to it by the Austrian royal court as part of Schrems ’ litigation . This concerns sensitive data that has been “ plain made public ” by the data theme , and whether sensitive characteristic could be used for advert targeting because of that .
The royal court ruled that it could not , maintaining the GDPR ’s purpose limitation principle .
“ It would have a Brobdingnagian shivery consequence on free speech , if you would lose your right wing to data protection in the moment that you criticize unlawful processing of personal information in world , ” wrote Raabe - Stuppnig , welcoming that “ the CJEU has resist this notion . ”
involve about Meta ’s purpose of so - call limited category data — as sore personal entropy such as sexual orientation , health information and religious position are sleep with under the EU law — Pollard claim the company does not process this information for ad targeting .
“ We do not use special category of data that users render to us to individualise advertizement , ” he write . “ We also prohibit advertisers from sharing raw information in our terms and we filter out any potentially raw information that we ’re able to observe . Further , we ’ve take steps to remove any advertiser targeting options based on topics perceive by exploiter to be sensitive . ”
This component of the CJEU opinion could have relevance beyond societal media service surgical operation per se as tech giants — including Meta — have recently been skin to repurpose personal data as AI training fresh fish . Scraping the net is another tactic AI developers have used to grab the vast sum of money of datum required to train bombastic language example and other generative AI models .
In both cases grab people ’s data for a raw purpose ( AI training ) could be a rift of the GDPR ’s purpose restriction principle .
