Privacy Concerns Surrounding Meta’s Planned Twitter Killer, Threads
Meta’s planned Twitter killer, Threads, is yet to be publicly available, but it is already causing concerns about user privacy. Mandatory disclosures on iOS reveal that the app may collect highly sensitive information about users, including health and financial data, precise location, browsing history, contacts, and other sensitive information. This data collection aligns with Meta’s business model of tracking and profiling users for behavioral advertising, but it raises questions about the app’s viability in the European Union (EU), given recent legal developments.
Legal Basis Challenges and Delay of EU Launch
One of the primary reasons for the EU launch delay of Meta’s Threads App is the legal basis for processing personal data. Previously, Meta claimed that the performance of a contract justified processing Facebook users’ data. However this claim was found unlawful at the beginning of this year. Meta then switched to claiming legitimate interest as the legal basis. However a recent judgment by the EU’s top court stated that this basis is not appropriate for running behavioral ads. The court emphasized the need to obtain consent for such processing. Further complicating the app’s compliance with EU data protection laws.
Lack of Consent Mechanisms and Compliance with GDPR
Under current EU law, the processing of sensitive information, such as health data, requires explicit consent. This is a higher standard of compliance with the General Data Protection Regulation (GDPR). However, Meta’s Threads App currently lacks clear consent mechanisms. It fails to offer users the option to deny tracking and profiling. Additionally, forthcoming EU regulations will ban the use of sensitive data for ads and may require explicit consent for data combination in ad profiling, adding more uncertainty to Meta’s data-driven business.
Inadequate Protection of European Data and App Association with Instagram
Meta’s recent order to stop sending EU users’ data to the US and the resulting GDPR fine highlights the company’s inadequate protection of European data. The same requirement could be extended to other Meta services that do not prioritize privacy. The app’s association with Instagram, rather than being explicitly branded as a Meta app, raises questions about whether Meta is truly reforming its approach to user tracking and choice.
Irish Data Protection Commission’s Clarification and Concerns Over Digital Markets Act
The Irish Data Protection Commission (DPC) has clarified that it has not prevented Meta from launching Threads in the EU; rather, Meta has stated that it has no current plans for an EU launch. The company is likely concerned about the legal risks associated with the forthcoming Digital Markets Act (DMA), which will enforce significant changes in the EU’s regulatory approach to digital giants. Meta’s operations would need to undergo a significant transformation to comply with EU regulations and address the legal uncertainty surrounding data use.
Regulatory Dynamics in the UK and Perception of Lower Legal Risk
In contrast to the EU, Threads is scheduled to launch in the UK, where different regulatory dynamics apply since the country is no longer part of the EU. The UK’s data protection regime aligns with the GDPR, but the Information Commissioner’s Office (ICO) has been criticized for its limited action against surveillance advertising industry breaches. Meta may perceive a lower legal risk in Brexit Britain due to the ICO’s previous inaction. However, the UK government’s plan to weaken domestic data protection standards could further erode privacy safeguards.
GDPR Fines and Potential Higher Penalties Under the DMA
Meta has faced substantial fines for GDPR violations in the EU. Also the DMA introduces the potential for even higher penalties. Fines can reach up to 10% of global annual turnover, under the DMA, compared to the GDPR’s maximum of 4%. Although fines issued by data protection authorities have not reached their theoretical maximum. They have still had a significant impact on tech giants like Meta.
Addressing Privacy Concerns and Ensuring Compliance with Data Protection Regulations
Meta’s Threads App launch delay in the EU shows the need to address privacy concerns. Compliance with data protection regulations is crucial. The app’s data-grabbing approach conflicts with EU privacy expectations and legal requirements. To gain user trust, Meta must make substantial operational changes. Respecting user choice over tracking is vital. This will help Meta navigate the complex EU regulatory landscape.