Business

Brussels court rules tracking-based ads illegal under GDPR, challenging major tech firms' consent model

Saturday, 17 May 2025 12:28AM UTC

A landmark ruling from the Brussels Court of Appeal declares the use of tracking for targeted advertising illegal under GDPR, exposing the flaws in the Transparency and Consent Framework and putting pressure on major tech companies like Meta and Google to overhaul their user data practices.

The recent ruling by the Brussels Court of Appeal marks a significant turning point in the landscape of online advertising in Europe, declaring the use of tracking by advertisers illegal under the EU’s General Data Protection Regulation (GDPR). Central to this decision is the finding that the widely employed Transparency and Consent Framework fails to ensure the requisite level of informed consent from users before their personal data is processed for targeted advertising.

This development is particularly striking given the substantial reliance of major tech companies, including Microsoft, Amazon, Google, and others, on this consent model to justify their data collection practices. The court's ruling highlights that the pop-up notifications typically used to solicit consent do not adequately protect user privacy, failing to counter the inherent risks associated with real-time bidding—a system that enables advertisers to bid on individual ad impressions as users browse the internet. This process involves the rapid sharing of personal data with multiple companies, creating an alarming privacy breach, as noted by Hannah Storey, Policy Advisor on Technology and Human Rights at Amnesty International. Storey stated, “Every time you load a website, this personal information is shared with thousands of companies… that’s a massive privacy breach.”

The implications of this decision extend beyond just privacy concerns. They resonate within the broader context of escalating fraud within the online advertising ecosystem. Recent reports indicate that Meta, parent company of Facebook and Instagram, has been associated with a significant share of reported scam ads. From 2023 to 2024, nearly half of the misleading advertisements on Zelle, used by JPMorgan Chase, were found to be hosted on Meta’s platforms. This troubling landscape is compounded by an internal assessment from Meta revealing that approximately 70% of newly active advertisers on its platform were promoting illegal goods, scams, or low-quality products.

In a related development, the Court of Justice of the European Union has reiterated the necessity for companies like Meta to strictly adhere to GDPR guidelines, especially regarding the use of personal data sourced from public domains. One notable case involved privacy activist Max Schrems, who successfully challenged Facebook's use of his publicly disclosed sexual orientation for targeted advertising, underscoring the court’s stance that such practices violate user privacy rights. The ruling calls for a more stringent application of data protection laws, sending a clear message to companies that personal data must be handled with respect and care.

This series of judicial rulings signifies a burgeoning movement towards enhanced privacy rights in Europe, compelling companies to reassess their data practices fundamentally. Advocacy groups see these decisions as a major victory for privacy rights, pushing the tech industry towards a model that prioritizes respect for user data rather than exploiting it for surveillance-based advertising. As consumers become increasingly aware of their rights and protections, the pressure on companies to adapt to this new legal landscape will likely intensify, prompting a broader transformation across the digital advertising sector.

In conclusion, these rulings not only spotlight the inadequacies of existing consent models in protecting user privacy but also reflect a shifting paradigm in which the emphasis is placed on safeguarding personal data against exploitation. The future of advertising in Europe may well depend on how companies respond to these critical developments, steering the industry away from surveillance-driven practices towards more ethically sound methodologies.

Reference Map

Paragraph 1: ^[1]
Paragraph 2: ^[1]
Paragraph 3: ^[1]
Paragraph 4: ^[2], ^[3], ^[4], ^[5]
Paragraph 5: ^[6], ^[7]

Source: Noah Wire Services

More on this

https://therecord.media/eu-court-rules-tracking-based-ads-illegal - Please view link - unable to able to access data
https://www.dw.com/en/top-eu-court-rules-against-meta-over-facebook-targeting-ads/a-70406926 - The Court of Justice of the European Union ruled that Meta cannot use personal data obtained from public sources outside its platform for targeted advertising. This decision stems from a case where Austrian privacy activist Max Schrems objected to Facebook using information about his sexual orientation, which he had disclosed publicly but not on the platform, to target him with specific ads. The court emphasized that such data processing violates the EU's General Data Protection Regulation (GDPR).
https://www.bbc.com/news/articles/c4gr4r5ln03o - The European Court of Justice mandated that Meta must minimize the amount of personal data it uses for personalized advertising. This ruling came after privacy campaigner Max Schrems complained that Facebook misused his personal data regarding his sexual orientation to target him with ads. The court's decision underscores the necessity for companies to adhere to data protection laws and respect user privacy.
https://www.wired.com/story/meta-cant-use-sexual-orientation-to-target-ads-in-the-eu-court-rules/ - The Court of Justice of the European Union ruled that Meta cannot use personal data about a user's sexual orientation, obtained from public sources outside its platform, for targeted advertising. This decision arose from a case where Austrian privacy activist Max Schrems objected to Facebook using information about his sexual orientation, which he had disclosed publicly but not on the platform, to target him with specific ads. The court emphasized that such data processing violates the EU's General Data Protection Regulation (GDPR).
https://www.politico.eu/article/meta-advertising-empire-faces-growing-hurdles-in-europe/ - The Court of Justice of the European Union ruled that Meta cannot use personal data obtained from public sources outside its platform for targeted advertising. This decision stems from a case where Austrian privacy activist Max Schrems objected to Facebook using information about his sexual orientation, which he had disclosed publicly but not on the platform, to target him with specific ads. The court emphasized that such data processing violates the EU's General Data Protection Regulation (GDPR).
https://www.dw.com/en/top-eu-court-rules-against-meta-over-facebook-targeting-ads/a-70406926 - The Court of Justice of the European Union ruled that Meta cannot use personal data obtained from public sources outside its platform for targeted advertising. This decision stems from a case where Austrian privacy activist Max Schrems objected to Facebook using information about his sexual orientation, which he had disclosed publicly but not on the platform, to target him with specific ads. The court emphasized that such data processing violates the EU's General Data Protection Regulation (GDPR).
https://www.dw.com/en/top-eu-court-rules-against-meta-over-facebook-targeting-ads/a-70406926 - The Court of Justice of the European Union ruled that Meta cannot use personal data obtained from public sources outside its platform for targeted advertising. This decision stems from a case where Austrian privacy activist Max Schrems objected to Facebook using information about his sexual orientation, which he had disclosed publicly but not on the platform, to target him with specific ads. The court emphasized that such data processing violates the EU's General Data Protection Regulation (GDPR).

Noah Fact Check Pro

The draft above was created using the information available at the time the story first emerged. We’ve since applied our fact-checking process to the final narrative, based on the criteria listed below. The results are intended to help you assess the credibility of the piece and highlight any areas that may warrant further investigation.

Freshness check

Score: 8

Notes: The narrative discusses recent rulings and developments in the EU's approach to online advertising data privacy, indicating it is based on current events. However, specific details about the court case were not verified against external sources.

Quotes check

Score: 6

Notes: The quote from Hannah Storey, Policy Advisor at Amnesty International, could not be verified against earlier online sources. It is possible that this is an original quote, but without further context, it remains uncertain.

Source reliability

Score: 4

Notes: The narrative originates from a less well-known publication ('The Record'). While it discusses real issues and developments, its reliability is uncertain compared to more established news outlets.

Plausability check

Score: 9

Notes: The claims about the EU's stance on data privacy and the transparency issues with consent models are plausible and align with recent legal developments in the EU.

Overall assessment

Verdict (FAIL, OPEN, PASS): OPEN

Confidence (LOW, MEDIUM, HIGH): MEDIUM

Summary: The narrative discusses plausible and current developments in EU data privacy regulations. However, the reliability of the source is uncertain, and the freshness of specific details could not be fully verified.

GDPR
online advertising
privacy
Meta
European Union
data protection
tech regulation