personalised ads

CJEU C-604/22 IAB Europe TC String 7 Mar 2024

members – 6 min read

[Final 🇧🇪 ruling] GDPR definitions are broad; information = personal data if, with third-party data, someone can be identified. Joint controllership doesn’t automatically extend to further processing, but you’re one if you set binding rules on processing and jointly determine purposes and means.

May 14, 2025

Luxembourg Court upholds major €746m fine to Amazon

members – 2 min read

Just added the ruling. Fine and daily penalty upheld for Articles 6, 12-17, and 21 violations related to interest-based ads, but since an appeal is inevitable, this isn’t final yet. In the meantime, Amazon doesn’t have to pay or take any action.

Mar 20, 2025

🇮🇪 DPC fines LinkedIn €310m for illegal behavioural analysis and targeted advertising ('BA & TA')

members – 7 min read

Key takaways: Lack of lawful basis = loss of control = 'significant damage', lawful bases are notoriously tricky to get right, and most have lots to gain in improving information and transparency. Full decision = a key lesson on legitimate interest and LIAs.

Jan 22, 2025

Consent or Pay resources

members – 2 min read

Updated this post to gather some of the Consent or Pay resources while we wait for the EDPB's Guidelines!

Jan 15, 2025

CJEU C-446/21 Schrems (Communication of data to the general public) 4 Oct 2024

members – 5 min read

A ruling that sparks questions around 'strictly necessary' and 'purpose'. Facebook can't indiscriminately use personal data on or off their platform for personalised ads, without restricting the duration and type of data.

Dec 8, 2024

My Meta Pay or Okay experience - now they're cutting the price with 40%

members – 5 min read

Latest: Meta reduces sub prices and offers new free choice with less personalised ads, claiming it "goes beyond what is required in the law". 💸 And gets huge fines: €797.72m from the 🇪🇺 EC for antitrust violations and $25.4m from 🇮🇳 India's competition authority for 2021 privacy notice failures.

Nov 15, 2024

CJEU C-252/21 Meta Platforms and Others (General terms of use of a social network) 'Bundeskartellamt' 4 Jul 2023

members – 6 min read

The 'Bundeskartellamt' ruling, where the CJEU applies 'strictly' to the legal bases necessity test for the first time. 🔥 You might rely on legitimate interest for direct marketing, network security or product improvement, but the processing must now meet this higher threshold.

Nov 13, 2024

Grindr NOK 65m fine upheld in Norway (again)

members – 2 min read

The Oslo District Court ruled in favour of the state on all points, after Grindr sued the authorities after the Privacy Appeals Board fully upheld the DPA's decision, including the NOK 65m record fine. Preliminary win, but expect an appeal.

Jul 5, 2024

EDPB's controversial ‘Consent or Pay’ Opinion is here

members – 2 min read

[Updated 24 April with highlighted file + 🎙️] Is the EDPB trying to "rewrite the entire economic model of Big Tech and the adtech industry in the EU"? 🤔 Controversial Opinion just published!

Apr 24, 2024

Norway DPA warns site tracking investigations 🧐

members – 2 min read

⏰ Datatilsynet will soon start investigating non-compliant tracking technologies. If you use Meta Pixel or similar, it's time for website due diligence!

Dec 21, 2023

EDPB publishes Urgent Binding Decision regarding Meta

members – 1 min read

NB! This post was updated later with two key items: the actual EDPB decision and the DPC's Enforcement notice.

Dec 7, 2023

The EDPB extends the Meta ban to the entire EEA permanently

members – 2 min read

The EDPB makes the Norwegian DPA's ban on Meta's behavioural advertising on Facebook and Instagram permanent and extends it to the entire EEA

Oct 31, 2023