META hit with privacy complaints by EU consumer groups

This is my interview with TRT International on the Meta dispute with EU consumer groups, which are calling on the bloc to sanction the company

EU consumer groups are calling on the bloc to sanction the company Meta – which owns Facebook, Instagram and WhatsApp – for allegedly breaching privacy rules. Earlier this week, Meta announced it will set up a team to tackle disinformation and the abuse of generative AI in the run-up to the European Parliament elections – amid concerns about fake news. Abdulvehab Ejupi, a journalist at TRT International, reports.

Below are the questions and answers of my interview:

What specific GDPR rules do the consumer groups claim Meta is not complying with?
Consumer groups assert that Meta is not adhering to various rules established by the European privacy regulation GDPR:

  1. Fair Processing (Article 5(1)(a)): Personal data must be processed lawfully, fairly, and transparently. Consumer groups claim that Meta’s data collection is unfair and lacks transparency. They also allege that the social network giant potentially includes hidden clauses or misleading explanations about data usage.
  2. Data Minimization: Meta is expected to collect limited personal data for a specific scope authorized by users. Consumer groups claim that Meta collects more data than necessary for its stated purposes.
  3. Purpose Limitation (Article 5(1)(b)): Personal data must be collected for specified, explicit, and legitimate purposes. According to GDPR, Meta needs to have a legitimate reason, such as explicit consent, contractual necessity, or legal obligation, to collect and use individuals’ data.

Regardless, I emphasize that, according to GDPR, Meta needs a legitimate reason to collect and use individuals’ data, such as explicit consent, contractual necessity, or a legal obligation.

How does the European Consumer Organisation view Meta’s data processing practices in relation to surveillance-based business models?

The European Consumer Organization strongly opposes Meta’s business model for data collection and processing. They perceive this approach as inconsistent with the core rules of GDPR and believe it represents a serious threat to individual privacy rights.

What has been the criticism regarding Meta’s recent launch of paid, ad-free subscriptions in Europe, and how does Meta defend this move?

Critics argue that Meta is charging users for a basic privacy setting while still collecting extensive data. On the other hand, Meta contends that their subscription model is a legal and compliant response to evolving regulations regarding user consent and data processing.”

Below is the video of my interview:

In 2023, the European Union fined Meta $1.3 billion for transferring user data to the US. This is the biggest fine since the adoption of the General Data Protection Regulation (GDPR) by the European Union (EU) on May 25, 2018.

Follow me on Twitter: @securityaffairs and Facebook

Pierluigi Paganini

(SecurityAffairs – hacking, privacy)