Meta to Let Users Opt Out of Some Targeted Ads, but Only in Europe

Users who wish to opt out will have to submit an online form objecting to Meta’s use of their in-app activity for ads, and the company will then evaluate any user’s objection before implementing the change, the people said. That could limit the effect of the change to Meta’s advertising business, and fall short of satisfying at least some regulators and privacy activists.

The change would be the latest divergence in user options for some services on each side of the Atlantic, such as how users are faced in Europe with cookie-consent boxes they often don’t see in the U.S. The opt-out comes as Meta faces a compliance deadline for a pair of landmark rulings from Ireland’s Data Protection Commission, which leads enforcement of the EU’s main privacy law for Meta. 

The regulator in early January said it was fining Facebook and Instagram a total of 390 million euros, or about $423 million, in part for requiring users to agree to a contract that includes so-called behavioral ads, which are targeted based on a user’s digital activity. The Irish regulator gave Facebook and Instagram three months to stop relying on their contracts with users—a reference to the apps’ terms of service—to justify such ads.

Meta says it is continuing to appeal those rulings and fines, but it is bound to comply with them meanwhile. “We believe that our previous approach was compliant,” the company said. “It is important to note that this legal change does not prevent personalized advertising on our platform,” it said. 

The EU privacy rulings against Meta are part of a growing threat to the core business of Meta and many other players in digital advertising: limitations on data they use to sell highly targeted digital ads. 

The solution Meta is implementing, which will involve notifying users of their right to object to ads based on their activity, is likely to rile privacy activists who have campaigned for the company to prompt all of its European users proactively to decide whether they agree to the use of their activity data for ads. Meta’s approach of using an opt-out rather than actively seeking opt-in consent could lead to new complaints, something that could take years to resolve. 

A spokesman for Ireland’s Data Protection Commission declined to comment. 

Meta and other companies that make money from digital ads already are dealing with the hit caused by an

Apple Inc.

move in 2021 to make iPhone apps ask users whether they want their usage to be tracked. Many iPhone users declined, cutting off from a significant source of data for ad targeting. 

Meta has long allowed people to use privacy settings to opt out of personalizing ads based on data it collects about their activity on other websites and apps. But it hasn’t until now let them do that for ads based on their activity on Meta’s own platforms—such as what Facebook posts a user comments on or which videos an Instagram user watches.

That “first-party” data is one of Meta’s main tools for building customized audiences for the personalized ads it sells as part of its core ads business, analysts say. Meta brought in $113.64 billion in advertising revenue in 2022, nearly a quarter of which came from Europe.

“High opt-outs make it challenging to serve relevant personalized ads” and creates “revenue headwinds,” says one internal Meta presentation from October seen by The Wall Street Journal. The company, it said, is moving from “a world where we can use any and all data for ads to a world where consumers will need to give explicit consent for third party and in some jurisdictions even first-party data use.”

Meta has since said it has made significant progress in using artificial intelligence to target ads without signals from users’ use of other apps. It is unclear how successful such tools would be if they can’t use Meta’s internal first-party data as well. 

The company said in a February securities filing that restrictions on the use of user-activity data in the EU and California are hurting its “ability to use such signals in our ad products.” The company said it expects to make more changes in response to the Irish rulings on its “delivery of behavioral advertising in Europe.”

At issue in the Meta decisions is a concept in Europe’s General Data Protection Regulation called contractual necessity. The GDPR mostly prohibits companies from forcing users to turn over personal information to use their services. One exception is when that information is necessary to execute a contract: A food-delivery app needs an address to deliver the burrito that was ordered.

Meta has until now relied on that contractual provision of the GDPR, leading to complaints from Austrian privacy activist Max Schrems. But the change next week will switch its privacy policy and terms and conditions to another legal justification under the law called legitimate interest when it comes to behavioral ads. That justification lets a company use data to serve its own interests.

Regulators have issued guidance saying such use must be understood by users, who should also have an easy way to object, or opt out. 

Meta said Thursday that none of the legal justifications in the GDPR “should be considered more valid than any other.” It said that other platforms use legitimate interest as well. 

Write to Sam Schechner at [email protected] and Jeff Horwitz at [email protected]

Users who wish to opt out will have to submit an online form objecting to Meta’s use of their in-app activity for ads, and the company will then evaluate any user’s objection before implementing the change, the people said. That could limit the effect of the change to Meta’s advertising business, and fall short of satisfying at least some regulators and privacy activists.

The change would be the latest divergence in user options for some services on each side of the Atlantic, such as how users are faced in Europe with cookie-consent boxes they often don’t see in the U.S. The opt-out comes as Meta faces a compliance deadline for a pair of landmark rulings from Ireland’s Data Protection Commission, which leads enforcement of the EU’s main privacy law for Meta. 

The regulator in early January said it was fining Facebook and Instagram a total of 390 million euros, or about $423 million, in part for requiring users to agree to a contract that includes so-called behavioral ads, which are targeted based on a user’s digital activity. The Irish regulator gave Facebook and Instagram three months to stop relying on their contracts with users—a reference to the apps’ terms of service—to justify such ads.

Meta says it is continuing to appeal those rulings and fines, but it is bound to comply with them meanwhile. “We believe that our previous approach was compliant,” the company said. “It is important to note that this legal change does not prevent personalized advertising on our platform,” it said. 

The EU privacy rulings against Meta are part of a growing threat to the core business of Meta and many other players in digital advertising: limitations on data they use to sell highly targeted digital ads. 

The solution Meta is implementing, which will involve notifying users of their right to object to ads based on their activity, is likely to rile privacy activists who have campaigned for the company to prompt all of its European users proactively to decide whether they agree to the use of their activity data for ads. Meta’s approach of using an opt-out rather than actively seeking opt-in consent could lead to new complaints, something that could take years to resolve. 

A spokesman for Ireland’s Data Protection Commission declined to comment. 

Meta and other companies that make money from digital ads already are dealing with the hit caused by an

Apple Inc.

move in 2021 to make iPhone apps ask users whether they want their usage to be tracked. Many iPhone users declined, cutting off from a significant source of data for ad targeting. 

Meta has long allowed people to use privacy settings to opt out of personalizing ads based on data it collects about their activity on other websites and apps. But it hasn’t until now let them do that for ads based on their activity on Meta’s own platforms—such as what Facebook posts a user comments on or which videos an Instagram user watches.

That “first-party” data is one of Meta’s main tools for building customized audiences for the personalized ads it sells as part of its core ads business, analysts say. Meta brought in $113.64 billion in advertising revenue in 2022, nearly a quarter of which came from Europe.

“High opt-outs make it challenging to serve relevant personalized ads” and creates “revenue headwinds,” says one internal Meta presentation from October seen by The Wall Street Journal. The company, it said, is moving from “a world where we can use any and all data for ads to a world where consumers will need to give explicit consent for third party and in some jurisdictions even first-party data use.”

Meta has since said it has made significant progress in using artificial intelligence to target ads without signals from users’ use of other apps. It is unclear how successful such tools would be if they can’t use Meta’s internal first-party data as well. 

The company said in a February securities filing that restrictions on the use of user-activity data in the EU and California are hurting its “ability to use such signals in our ad products.” The company said it expects to make more changes in response to the Irish rulings on its “delivery of behavioral advertising in Europe.”

At issue in the Meta decisions is a concept in Europe’s General Data Protection Regulation called contractual necessity. The GDPR mostly prohibits companies from forcing users to turn over personal information to use their services. One exception is when that information is necessary to execute a contract: A food-delivery app needs an address to deliver the burrito that was ordered.

Meta has until now relied on that contractual provision of the GDPR, leading to complaints from Austrian privacy activist Max Schrems. But the change next week will switch its privacy policy and terms and conditions to another legal justification under the law called legitimate interest when it comes to behavioral ads. That justification lets a company use data to serve its own interests.

Regulators have issued guidance saying such use must be understood by users, who should also have an easy way to object, or opt out. 

Meta said Thursday that none of the legal justifications in the GDPR “should be considered more valid than any other.” It said that other platforms use legitimate interest as well. 

Write to Sam Schechner at [email protected] and Jeff Horwitz at [email protected]