Secure your place at the Digiday Publishing Summit in Vail, March 23-25
Meta already faces a lot of regulatory pressure in Europe, but the parent company of Facebook and Instagram now has yet another government poking at its privacy practices.
On Monday, the Norwegian Data Protection Authority (Datatilsynet) said it will require Meta to stop behavioral advertising on Facebook and Instagram in the country for the next three months unless users give consent. If Meta doesn’t comply with the ruling — which applies to data such as web browsing and location — the company will face daily fines of around $100,000.
Although the ruling was limited to just Norwegian users of Meta’s platforms, privacy experts think it could have broader implications for other countries and companies if it’s adopted by other EU regulators. One attorney also noted Norway’s decision addresses whether companies can use their own first-party data to personalize ads without asking for consent, which in this case is limited to info such as a person’s information listed in their profile.
“This decision would have major impacts on the standard business processes across industries,” said Dan Felz, a partner at the law firm Alston & Bird. “It goes well beyond the decision about ads personalization issued in January by the Irish Data Protection Commissioner. The closest thing I have seen is German regulators attempting to move financial services providers towards a consent-first model for customer profiling for advertising purposes.”
The decision comes after other key decisions related to Meta’s advertising operations in Europe including the EU’s top court ruling earlier this month that Meta was violating EU privacy laws by collecting users’ data for behavioral advertising.
By raising new questions about the legal basis of consent when it comes to ad-tracking, others say Datatilsynet’s decision could prompt companies to explore other advertising models — such as shifting toward contextual targeting or going dark on Meta platforms — rather than risk regulatory action.
“We’re seeing privacy regulators show their teeth a bit more this year,” said Joe Jones, director of research and insights at the IAPP. “… There’s something in this judgment for everyone.”
Meta did not respond to Digiday’s request for comment, but some privacy advocates celebrated Monday’s ruling by issuing their own statements. In a press release published by NOYB — an Austria-based digital rights group that helped spark a privacy investigation in France against the Parisian ad-tech firm Criteo — Program Director Romain Robert described Norwegian DPA’s decision as “exciting.”
“It clearly seems to be an attempt to bypass the Irish DPC, which wasn’t enforcing its own decision against Meta give years after NOYB’s complaints,” Robert said in a statement.
In a blog post published by Amnesty International, Sherilyn Naidoo, Amnesty International’s policy adviser on technology and human rights, said using social media and protecting privacy “should not be a tradeoff” and urged other governments in Europe and elsewhere to take similar actions.
“Data protection authorities across the EU and the wider world should follow suit in taking similar action in the short term,” Naidoo said in the statement. “And in the long term should enact binding regulation to ban targeted advertising on the basis of invasive tracking practices.”
More in Media Buying
OpenAI is building the ad tech stack it’s currently borrowing
Tech companies don’t build out an internal ads org – let alone pay up to $385,000 to do it – if they’re planning to rely on outside vendors forever.
Media Buying Briefing: Overheard at DMBS Spring 2026: AI from the top to the bottom of agencies
The Town Halls revealed the most about the challenges and solutions media agencies face with integrating AI systems and processes into workflows
The Rundown: Ad tech’s performance in 2025 was overshadowed by AI concerns and Big Tech
Despite revenue increases, the markets were brutal but reports over talks with OpenAI proved later upside.