The European Data Protection Board (EDPB) goes after tech’s personalized ad business model

On January 4, the Irish Data Protection Commission (DPC) fined Meta €390 million ($414 million) for violating Europe’s privacy law, the General Data Protection Regulation (GDPR), and directed the company to bring its data processing operations into compliance within 3 months. Shortly thereafter, the European Data Protection Board (EDPB), which consists of all the European data protection authorities, released the text of its binding decision that dictated the Irish DPC’s ruling. The key finding is that Meta cannot rely upon its contract with users as providing a sufficient legal basis for processing user data for personalized ads. If upheld on appeal, this decision might require social media companies and other online businesses to significantly revise their data-focused advertising business model in the name of protecting privacy.

I want to discuss the EDPB’s decision in two parts. In this post, I will first analyze its legal basis and assess its likely business implications. In the next part, I will consider whether this decision holds some lessons for policymakers as they seek to revise U.S. laws to protect privacy more adequately.

The European Privacy Approach

The European Union’s GDPR became effective in 2018. It requires companies to […]
