Norway’s data regulator will refer the ongoing fine it has imposed on Meta Platforms to the European data authority, it said on Thursday, a move that could make the penalty permanent and widen it to the European Union.
The owner of Facebook and Instagram has been fined one million crowns ($93,000) per day since Aug. 14 for three months for breaching users’ privacy by harvesting their data and using it to target advertising at them, a business model common to Big Tech.
That is the maximum period for which the Norwegian regulator Datatilsynet is allowed to impose such a penalty.
Datatilsynet is now referring its decision to the European Data Protection Board (EDPB), which could make the decision permanent and widen it to the European Union and the European Economic Area. Norway is not a member of the EU but is part of the European single market.
“Meta is not respecting our decision in Norway and they continue to violate the law across Europe,” Tobias Judin, Datatilsynet’s head of international section, told Reuters.
“Over 250 million people are affected. Therefore, it is necessary to get a final decision from the EDPB so that we can force compliance on the European level.”
The decision comes after Meta unsuccessfully sought a temporary injunction against Datatilsynet’s fine.
Meta said it was “surprised” by Thursday’s decision given that it “has already committed to moving to the legal basis of consent for advertising in the EU/EEA”.
“We remain in active discussions with the relevant data protection authorities on this topic via our lead regulator in the EU, the Irish Data Protection Commission, and will have more to share in due course,” said a Meta spokesperson.
The Norwegian regulator has said that it was unclear when, and how, Meta would seek consent from users and that in the meantime users’ rights were being violated.
The EDPB did not immediately reply to a request for comment.