Meta’s Antitrust Battle in Germany Over ‘Super profiling’ Ends with Data Limits
Meta agrees to data limits in Germany after years-long antitrust case, marking a win for privacy rights and setting a precedent for EU regulators.
After a prolonged legal battle, Meta (formerly Facebook) has agreed to significant changes in how it handles user data in Germany, following antitrust scrutiny from the German Federal Cartel Office (FCO), also known as Bundeskartellamt. This marks a major milestone in the ongoing global debate about privacy rights, surveillance-based advertising, and competition in digital markets. Meta’s decision to withdraw its appeal against the FCO's orders signals a victory for data privacy advocates and highlights how competition law is increasingly intersecting with privacy regulations.
The Genesis of the Case: Superprofiling and Consentless Tracking
The origins of this case trace back to 2019 when the FCO challenged Facebook's practice of “superprofiling” users. Superprofiling involves combining user data from Facebook, Instagram, and third-party websites and apps to build comprehensive profiles without user consent. The FCO argued that Meta, given its dominant position in the social media market, was exploiting users by making such extensive data collection and linking mandatory for its services. The regulator deemed this an abuse of monopoly power and a violation of users' rights to control their personal data.
The FCO's stance was groundbreaking because it connected competition law with privacy rights, viewing Meta's business practices not only as a breach of privacy but also as harmful to fair competition. By leveraging its dominance, Meta could exploit user data for targeted advertising, giving it an unfair edge over competitors and forcing users into a data-collecting ecosystem without meaningful alternatives.
The Concessions Meta Agreed To
As part of the settlement with the FCO, Meta has made several concessions, which are expected to change how user data is handled across its platforms. The main change is that users of Facebook and Instagram will no longer be required to consent to unlimited data collection across Meta’s ecosystem. Instead, users will have greater control over how their data from different services is combined and used for ad profiling.
Some of the key operational changes Meta agreed to include:
- Accounts Center for Data Separation: Meta introduced an Accounts Center, where users can opt to keep their data from Facebook, Instagram, and third-party services separate. This tool gives users a choice that wasn’t available before, allowing them to prevent Meta from combining their data for ad targeting.
- Cookie and Data Settings: Users now have more control over their cookie settings, specifically deciding whether they want their data from external websites and apps to be combined with information Meta gathers from its platforms.
- Facebook Login Exception: Users who log into third-party websites or apps using Facebook Login can now prevent Meta from combining that external data with their Facebook data, without losing access to Facebook Login. Previously, users had to accept data combination or lose the convenience of this feature.
- Temporary Data Combination for Security: Meta is still allowed to combine data for security purposes, but this will be done only temporarily and for a limited time, as predefined by Meta and regulated by the FCO.
- Enhanced Transparency and Notifications: Meta has committed to making its data policies clearer. Users who have previously consented to data combination will be shown prominent notifications guiding them to updated consent options. Meta will also place a clear notice about data combination options at the top of its data policy, ensuring that users are aware of their rights and choices.
These concessions mark a significant change in how Meta operates in Germany, and potentially across Europe, as it adjusts its practices to comply with data protection laws and competitive fairness.
Implications for Meta’s Business Model
Meta’s consentless data collection has been a cornerstone of its advertising-based revenue model. By combining user data across platforms, Meta can offer highly targeted advertising, which is more lucrative than traditional methods. The FCO’s challenge, by limiting this data combination, strikes at the heart of Meta’s business practices in Europe.
While Meta has introduced these changes to comply with the FCO’s order, it’s important to note that this is not the first time the company has had to adjust its operations in response to regulatory pressures. For instance, Meta has already implemented similar changes across the European Union following rulings by the European Court of Justice (CJEU), including rolling out the Accounts Center for data separation. The company is also facing challenges under the EU’s General Data Protection Regulation (GDPR), which stipulates that data processing must be based on freely given and informed consent.
Interestingly, Meta’s response to recent legal pressures has been to offer users in Europe two choices: either consent to data tracking for free services or pay a subscription fee to avoid being tracked. This "pay or consent" model is now under scrutiny by various European authorities, including the European Commission, which is investigating whether it violates the bloc’s Digital Markets Act (DMA). The DMA was inspired, in part, by the FCO’s original case against Meta.
The FCO’s Victory and the Future of Privacy Regulation
The conclusion of the FCO’s case represents a significant win for privacy advocates, setting a precedent for how competition law can be used to address privacy abuses. Andreas Mundt, president of the Bundeskartellamt, emphasized the importance of this ruling, stating that the changes Meta has made grant users far greater control over how their data is used.
While this may not be the final word on Meta’s practices in Europe, it is a major step forward in curbing the company's ability to collect vast amounts of data without user consent. The FCO has succeeded in forcing one of the world’s largest tech companies to rethink its data practices, but the battle over privacy and competition in the digital age is far from over.
The implications of this case are wide-reaching, particularly as more regulators around the world scrutinize the business practices of tech giants like Meta. The European Union, with its stringent GDPR and new Digital Markets Act, is leading the charge in regulating digital platforms, but other regions may follow suit.
The Larger War on Surveillance-Based Advertising
Meta’s business model, like that of many tech giants, is built on surveillance-based advertising. The company’s ability to offer hyper-targeted ads is predicated on its vast data collection operations, which track users both on and off its platforms. However, as awareness of privacy issues grows, regulators and consumers alike are pushing back against this model.
The FCO’s case, combined with other legal challenges across Europe, could signal the beginning of the end for consentless data tracking. If regulators continue to enforce stricter controls on data collection and users become more aware of their rights, companies like Meta may be forced to adopt more transparent and privacy-respecting business models.
The conclusion of Meta’s antitrust battle in Germany represents a major win for data privacy and competition law. The FCO’s groundbreaking case has not only forced Meta to make significant changes to its data handling practices but has also set a precedent for how regulators can address the privacy abuses inherent in surveillance-based advertising models.
As Meta faces increasing regulatory scrutiny across Europe, the long-term sustainability of its business model remains in question. While the FCO’s case may be over, the broader fight against consent less data tracking and privacy violations is just beginning. The outcome of this case will likely inspire further action from regulators around the world, pushing tech companies to prioritize user privacy and fair competition.