Norway court upholds miniscule fine against Meta for flouting privacy rules A court in Oslo, Norway, has upheld the Norwegian Data Protection Authority's daily fines against Meta for delivering behavioral advertising in violation of data privacy rules. In July, the data protection agency, known as Datatilsynet, temporarily banned Meta and its Facebook social ad business from serving behaviorally …
The current few million fine isn't even pocket change for them, more like pocket lint...
...BUT...
I can understand why they are fighting it tooth and nail. If the Norway regulator wins this case, it opens them up to similair litigation from every other data regulator in Europe. And by saying that to comply they have to exit Norway completely, they admit that they basically can't really comply because their whole site is built around data-slurping. Which means that if they come under proper GDPR scrutiny, they are toast.
In the strictly legal sense it doesn't, but in practice success in one place emboldens regulators to act elsewhere.
These companies work very hard to make it seem that it will be pointless to prosecute them for their blatantly illegal behavior, as they will throw infinite lawyers and dodgy experts at it, until any results have been neutered. They try to "make an example" of anyone who tries to make them comply with the law.
but in practice success in one place emboldens regulators to act elsewhere.
Are you assuming that regulators are scared of companies they are supposed to regulate? They need to be "emboldened"? Oh...
Like company X got a fine in country Y and case workers didn't have a car accident or fell off the window, so country Z case workers will be less intimidated?
That's all theatre.
Are you assuming that regulators are scared of companies they are supposed to regulate? They need to be "emboldened"? Oh...
Oh, stop it already! Meta's approach (as correctly pointed out above) is taken straight from the NRA playbook. And regulators do count on precedent before they make moves (if that were not the case, then the NRA scorched earth approach would be a dismal failure, and they would have been bankrupt fighting litigation on 51 fronts. (OK, 48...it's not likely that Alabama, Mississippi, or Montana would ever do anything to regulate firearms...but I digress).
Bureaucrats are generally expected to not tilt at windmills, but only pick fights they can win. It is not laziness. And even if it is, do you think that bureaucrats are actually paid enough to want to pick losing fights with Globo-corp?
Where I live , the tax dept has an overall recovery rate target (3x), ie. overall they need to get 3x what legal action costs.
If they expect to lose a case, or not recover more than it costs, then they are not allowed to begin it.
Big multinationals know this, and structure their affairs in complicated and opaque ways that makes it extremely expensive to even investigate what they are up to, before you even try to prove anything in court.
Faecebook tried to make an example of Australia when it introduced laws making them pay news sites to link to content. That attempt lasted about a day and a half, because it didn't make the laws unpopular, it made Faecebook unpopular.
The likes of Zuckerberg have influence, but legislatures have power. Courage to use power in the face of influence, though...
(I have no inside information of this case, but some experience from another field. )
Most likely there has over time been a good deal of correspondence about the matter, shielded by the usual legal walls, so the public knows nothing about it.
There is commonly a good deal of pressure on the regulatory workers when lucrative business practices are challenged.
The fact that the case ended in court indicates that that Meta refused to comply - and that the regulatory agency was not impressed or persuaded to withdraw the case.
Now other agencies can have a view of Meta's handling of the regulatory agency.
I think the various Data Protection rules mean that each DPA is obliged to consult with the others when making a decision so that, given the same circumstances, the same decision would be reached by all the other DPAs.
So, in this case the same result should happen if this was challenged by an other DPA.....
So you are saying that this sets a de facto precedent and in the future big tech companies will be getting a slap on the wrist, because higher fine will not be in line with what Norway imposed and therefore their lawyers could argue it's disproportionate?
Talking about shooting oneself in the foot.
I think, to keep these arrogant companies in check, fines should start at one penny (or cent or whatever the local currency is) and then double for every day of non-compliance (as in the wheat and chessboard problem). When they realise exactly how much it could cost them, it should focus their attention on rapidly becoming compliant!
Fine.
So "fine" has become a synonym of cost of doing business.
Also the regulator communicates that privacy laws are just a gimmick and designed so that small players are afraid to breach them, but are up for pickings to the big guys.
Like parking tickets - the poor thinks twice before parking, but the rich doesn't even know they exist as their PA takes care of everything and so they park wherever they want.
Having to modify their behaviour is anything but impossible. It may be impossible in their own entitled minds that anybody should have the nerve to restrict their worst practices, but this just shows that they need to learn that they can't simply do whatever they like, however harmful.
Stand up to them threatening to take their ball away and go home. They will discover that their users will find other places to play if they do and don't rush back so quickly. And they will have to change and apologise if they want to be allowed back. Every country should take note of how they're trying to pick on one country at a time with their threats in order to maintain their position. And then work with others to put them in their place.
The legal fines embedded in law simply were never designed to cope with transnational corporations whose revenue (and profits) dwarf the GDP of some entire countries. The fines set in law may hurt some "normal" company, even some corporations, but for these megas it's less than their execs spend on drugs at Burning Man.
IANAL, and thank the gods, not a politician, so I have no idea why the law doesn't prescribe percentages instead of absolute amounts. (But I am a cynic, so quite possibly because, just like in the robber baron days, these corporations OWN the courts and political systems. And these lawsuits are just electioneering and grandstanding to show the plebs Something Is Being Done).
"Behavioral marketing is very widespread and has been going on for many years, including the entire period GDPR has been in effect," explains Meta in its machine translated submission [PDF] to the court.
Yes, and it should never have been!!
"Everyone does it" should not make it legal.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
