The Norse Data Protection Authority, Datatilsynet had been holding back Facebook parent Meta from looting and pillaging citizen’s data with a threat of fines of one million Kroner (about $94,000) if it tries it.
In August, it said Meta hadn't been playing ball and started serving up the daily fines. However, the ban that resulted in these fines, put into place in July, expires on November 3 and Norway wants something that sticks.
A Court of Justice of the European Union (CJEU) ruled that Meta's data processing operation was also hauling in protected data " race and ethnicity, religious affiliation, sexual orientation etc. “when it cast its behavioural ads net.
While Norway is not a member of the EU but is part of the European single market, and the CJEU, as Europe's top court, has the job of making sure the application and interpretation of law within the market is compliant with European treaties (this part would apply to Norway) as well as ensuring that legislation adopted by the EU is applied the same way across all Member States.
Datatilsynet's ruling said the American company's central processing of that data was putting Meta in violation of the EU's General Data Protection Regulation.
A spokesperson for Meta said it was "surprised" by the Norwegian authority's actions, "given that Meta has already committed to moving to the legal basis of consent for advertising in the EU/EEA."
It added: "We remain in active discussions with the relevant data protection authorities on this topic via our lead regulator in the EU, the Irish Data Protection Commission, and will have more to share in due course."