Facebook, Instagram and WhatsApp may need to overhaul how they collect the data of users in Europe after the top EU court ruled against parent company Meta on Tuesday.
The European Court of Justice (ECJ) ruled in favour of Germany’s anti-cartel watchdog, which had argued that it could take data privacy issues into account when considering antitrust cases.
One of the key issues in the case was Meta’s ability to link data across platforms, which allows it to closely target adverts at users, the principal way it makes money.
The German watchdog barred Meta from mixing personal data gathered on Facebook with details harvested from Instagram or WhatsApp, arguing that it amounted to an abuse of its dominant market position in Germany.
The European court said cartel offices were within their rights to carry out investigations under the EU’s huge data protection regulation (GDPR).
“The judgment will have far-reaching effects on the business models used in the data economy,” tweeted Andreas Mundt, head of the anti-cartel watchdog.
Echoing many previous rulings against Meta and other big tech firms, the court ruled that the US company must ask for permission to collect large amounts of personal data, striking down various workarounds that Meta had offered.
Meta is likely to need to find a different method of gathering data in Europe as a result.
“We are evaluating the Court’s decision and will have more to say in due course,” a Meta company spokesperson told AFP.
Privacy campaign group noyb welcomed the ruling, saying it clarifies once again that Meta cannot sidestep the GDPR.
“This will mean that Meta has to seek proper consent and cannot use its dominant position to force people to agree to things they don’t want,” said the group’s Max Schrems.
The ruling could also imperil other big platforms like Google, which has a similar ad-tech business model.
Related: Meta Fined Record $1.3 Billion and Ordered to Stop Sending European User Data to US
Related: Meta Swiftly Neutralizes New ‘NodeStealer’ Malware
Related: Meta Slapped With 5.5 Million Euro Fine for EU Data Breach
