The GDPR Foundation for Digital Advertising
The General Data Protection Regulation established strict requirements for how companies process personal data within the European Union. At its core, GDPR mandates that organizations must have a valid legal basis before collecting or processing personal information. For behavioral advertising--which relies on tracking user activity across websites and apps to deliver personalized ads--GDPR requires what is known as "opt-in consent" from users. This means users must actively agree to data processing rather than having consent assumed or implied through their continued use of a service. This approach was confirmed in the Electronic Frontier Foundation's analysis of the GDPR ruling against targeted ads.
GDPR recognizes six legal bases for data processing: consent, contractual necessity, legal obligation, vital interests, public task, and legitimate interests. However, for sensitive processing activities like behavioral advertising, regulators have consistently held that consent must be freely given, specific, informed, and unambiguous. Users must be able to refuse consent without penalty or loss of access to core services, and they must be able to withdraw consent as easily as they gave it, through the same or equivalent mechanism. This affirmative consent requirement fundamentally changed how platforms like Meta could operate their advertising businesses in Europe, as outlined in Meta's official announcement on EU legal basis changes.
The strict standards under GDPR created significant challenges for companies that had built their business models around pervasive data collection. Meta's advertising platform, which relies heavily on tracking user behavior across its platforms and partner sites, was particularly affected by these requirements. Understanding the legal landscape helps marketers navigate the changing environment and adapt their SEO strategy accordingly.
Key principles that govern how Meta and other platforms must obtain user consent for behavioral advertising
Freely Given
Users must be able to refuse consent without penalty or loss of access to core services, except where processing is necessary for the service.
Specific and Informed
Consent requests must clearly explain what data will be collected, how it will be used, and who it will be shared with.
Unambiguous Action
Users must take an affirmative action to consent, such as clicking a button or checking a box--implicit acceptance is not sufficient.
Easy to Withdraw
Users must be able to withdraw consent as easily as they gave it, through the same or equivalent mechanism.
Meta's Legal Basis Evolution
Meta's journey through GDPR compliance represents a case study in how tech companies have struggled to adapt their advertising models to European privacy requirements. The company went through multiple legal basis changes as regulators challenged each approach.
Contractual Necessity (Original Approach)
Initially, Meta relied on "Contractual Necessity" as its legal basis for processing user data to serve behavioral advertisements. The company argued that showing personalized ads was essential to providing the Facebook and Instagram services that users had agreed to use. This approach was based on the premise that users who signed up for free social media services implicitly understood that personalized advertising was part of the exchange.
Legitimate Interests (Transition Period)
Following regulatory scrutiny and complaints from privacy organizations, Meta was forced to reconsider this approach. In December 2022, the Irish Data Protection Commission--the lead regulator for Meta in Europe--found that Facebook and Instagram must change their approach to the legal basis for behavioral advertising. Meta initially moved to "Legitimate Interests" as its new legal basis, but this too proved problematic under GDPR's requirements for behavioral advertising.
Consent (Current Requirement)
The most significant change came when Meta announced its intention to shift to "Consent" as the legal basis for processing certain data for behavioral advertising for people in the EU, EEA, and Switzerland. This change was driven by evolving regulatory requirements and interpretations of GDPR by European courts and data protection authorities, culminating in the landmark European Data Protection Board ruling against Meta's previous practices.
The Impact of Regulatory Changes
- €107 billion: annual revenue for European businesses from Meta personalized ads
- 3.79x: return on investment for every €1 spent on Meta ads in Europe
- 99%+: small and medium businesses in the EU, employing over 100 million people
The EDPB Ruling Against Meta
In December 2022, the European Data Protection Board issued a landmark ruling that fundamentally challenged Meta's approach to targeted advertising. This ruling emerged from a complaint filed in 2018 by NOYB (None of Your Business), a European privacy organization led by activist Max Schrems. The complaint alleged that Meta's practices regarding behavioral advertising violated GDPR requirements for valid consent.
What the Ruling Addressed
The EDPB determined that Meta's practice of burying consent within its Terms of Service constituted a violation of GDPR. Meta had inserted language about ad targeting practices into its terms and then claimed that users who continued using the platform had "consented" to this data processing. Regulators rejected this approach, holding that genuine consent requires affirmative action and cannot be obtained through contractual agreements or terms of service.
The Third-Party vs. First-Party Distinction
Since 2020, Meta had offered users settings to opt out of ad targeting based on information from other apps, websites, and businesses. However, Meta offered no similar option for ad targeting based on what users do on Facebook and Instagram itself--what they click, like, watch, and interact with on Meta's platforms. The EDPB ruling closed this loophole, requiring Meta to obtain opt-in consent for all behavioral advertising regardless of whether the data came from first-party or third-party sources.
This ruling set an important precedent for the digital advertising industry, establishing that regulators would not accept platforms' attempts to bypass consent requirements through creative interpretations of their legal basis for data processing. The decision has implications far beyond Meta, shaping how all platforms approach behavioral advertising in Europe.
Meta's Subscription Model Solution
In response to regulatory pressure, Meta introduced a subscription model that allows users to pay for an ad-free experience on Facebook and Instagram. This approach addresses GDPR's consent requirements while preserving Meta's ability to offer personalized advertising to users who choose the free, ad-supported option. The Court of Justice of the European Union endorsed this subscriptions model as a valid form of consent for an ads-funded service, providing legal certainty for Meta's approach.
Pricing Structure
When the subscription option first launched, pricing was set at €9.99 per month on the web and €12.99 per month on iOS and Android devices. The price difference reflected the fees charged by Apple and Google through their respective app store purchasing policies. Additional accounts linked through Meta's Accounts Center were charged €6 per month on web and €8 per month on iOS and Android.
In November 2024, Meta significantly reduced the subscription price by 40%, making its service one of the cheapest ad-free options among comparable social media platforms:
- Web: €5.99/month (reduced from €9.99)
- iOS/Android: €7.99/month (reduced from €12.99)
- Additional accounts: €4/month web, €5/month mobile
What Subscribers Receive
Subscribers gain access to Facebook and Instagram without any advertising. This includes no banner ads, no video ads interrupting content, and no sponsored posts in the feed. The subscription provides access to all core features of both platforms--messaging, posting, stories, reels, and groups--completely ad-free. Existing subscribers received the lower pricing automatically without needing to take any action, reflecting Meta's effort to maintain subscriber satisfaction while adapting to market conditions.
This model creates a genuine choice for European users: pay for an ad-free experience or consent to personalized advertising. For marketers, this means that a portion of their potential audience will be completely unreachable through Meta's advertising platform, while others will see ads with limited personalization.
The Less Personalized Ads Option
Beyond the subscription model, Meta introduced an additional choice for EU users: the option to see "less personalized ads" while continuing to use Facebook and Instagram for free. This option relies on significantly less data than full personalization, offering a middle ground between complete ad-free access and fully targeted advertising.
How Less Personalized Ads Work
Under this option, Meta shows ads based only on context--what a person sees in a particular session on Facebook and Instagram--and a minimal set of data points that includes:
- User's age
- User's location
- User's gender
- How the user engages with ads
This represents a dramatic reduction in the data used for ad targeting compared to fully personalized advertising, which incorporates a user's complete activity history across Meta's platforms and partner websites.
Trade-offs for Users
Because far less data informs ad targeting, users who choose this option will see ads that may be less relevant to their interests. Meta acknowledges this drop in relevance is inevitable given the drastically reduced data being used. Additionally, Meta introduced "ad breaks" in the less personalized experience, meaning some ads become unskippable for a few seconds. This helps Meta continue providing value to advertisers while offering a free, less personalized option.
Implications for the Advertising Ecosystem
This option creates three distinct user segments in Europe: those who pay to see no ads, those who consent to full personalization, and those who use the free platform with minimal ad targeting. For advertisers, this fragmentation means smaller addressable audiences for highly targeted campaigns and reduced effectiveness for certain audience segments. Understanding these trade-offs is essential for marketers developing European advertising strategies.
Full Personalization
Users who consent to behavioral advertising see ads based on their activity across Meta's platforms and partner sites. This provides the most relevant ad experience and supports the free platform model.
Less Personalized Ads
Users who choose this free option see context-based ads with limited targeting data. Some ads may include unskippable ad breaks as a trade-off for free access.
Ad-Free Subscription
Users who pay for the subscription see no ads at all. This option provides a completely ad-free experience across all Meta platforms for a monthly fee.
Impact on Small Businesses and Advertisers
The regulatory changes affecting Meta's advertising model have significant implications for small businesses that rely on the platform to reach customers. Meta has emphasized that personalized ads are particularly beneficial for small and medium businesses, which make up over 99% of businesses in the EU and employ over 100 million people across the region. These businesses use personalized advertising to reach customers most likely to be interested in their offerings in a cost-effective manner.
Economic Significance
According to Meta's data, European businesses earn €107 billion in revenue from personalized ads on Meta's platforms every year. Each €1 spent on Meta ads yields €3.79 in advertiser revenues in Europe. This substantial economic impact underscores why the advertising industry's response to privacy regulations matters not just for consumers but for the broader European economy.
Historical Precedent and Future Implications
When Apple introduced App Tracking Transparency on iOS--which required apps to obtain user permission before tracking them across other apps--Meta reported significant impacts on its advertising business. Studies showed that when given a clear choice, most users prefer not to enable around-the-clock surveillance of their activity, and Meta lost both advertising revenue and a source of valuable ad targeting data.
Practical Considerations for Marketers
For businesses planning advertising spend in European markets, these regulatory changes mean adjusting expectations for campaign reach and targeting precision. Audience sizes for highly targeted campaigns will be smaller in Europe than in regions with less stringent consent requirements. Marketers should factor these limitations into campaign planning, budget allocation, and ROI projections. Building first-party data strategies that don't depend on platform tracking becomes increasingly important for sustainable marketing success. Leveraging AI automation services can help businesses adapt to these changing dynamics with data-driven approaches.
Technical Implementation for Marketers
For marketers working with Meta advertising in Europe, understanding the consent landscape is crucial for campaign planning and audience strategy. The key consideration is that not all EU users will see the same level of ad personalization, creating three distinct audience segments with different advertising experiences.
Audience Targeting Considerations
Users who subscribe to the no-ads option will not see any advertising at all--they are effectively removed from the advertising ecosystem. Users who choose the less personalized ads option will see context-based ads with limited targeting data, meaning demographic and interest-based targeting will have reduced effectiveness. Only users who actively consent to personalized advertising will receive fully targeted ads based on their activity across Meta's platforms and partner sites.
This fragmentation means that audience sizes for highly targeted campaigns may be smaller in Europe than in regions where consent requirements are less stringent. Marketers should adjust expectations accordingly and consider how campaign strategies might need to evolve.
Strategic Recommendations
- Adjust campaign expectations: Recognize that addressable audiences for highly targeted campaigns will be smaller in Europe
- Embrace contextual advertising: Show ads based on the content a user is currently viewing rather than their past behavior--this becomes increasingly important for reaching users who haven't consented to full personalization
- Build first-party data strategies: Develop direct relationships with customers through email lists, loyalty programs, and website analytics that don't depend on platform tracking
- Diversify advertising channels: Reduce dependency on any single platform by exploring complementary channels that align with privacy regulations
- Invest in transparency: Build trust with audiences through clear communication about data practices, which may encourage higher consent rates
Privacy Tools Available
Meta provides privacy tools regardless of which option users choose, including Ad Preferences for controlling ad experience, the "Why am I seeing this ad?" transparency feature, third-party data opt-out options available since 2018, and activity controls for managing data used in advertising.
Future Outlook and Compliance Considerations
The regulatory trajectory suggests that privacy requirements for digital advertising will continue to tighten across jurisdictions. The European approach has influenced other jurisdictions considering similar protections, and patterns of tech companies being forced to adapt their practices suggest that the ad-supported internet model faces ongoing challenges in regions with strong privacy regulations.
Global Privacy Trends
California, Brazil, and other regions have implemented or are developing comprehensive privacy regulations based on similar principles to GDPR. The European approach has served as a template for global privacy regulation, and marketers should expect continued evolution of consent requirements across all major markets.
Implications for Digital Marketing
The shift toward consent-based advertising represents a fundamental change in how digital marketing works. Marketers who understand and adapt to these requirements will be better positioned for sustainable success than those who attempt to work around privacy regulations.
Strategic Recommendations for the Future
- Build first-party data strategies: Develop direct relationships with customers through email lists, loyalty programs, and website analytics that don't depend on platform tracking. First-party data becomes increasingly valuable as third-party tracking faces regulatory pressure.
- Diversify advertising approaches: Include contextual and consent-friendly methods alongside targeted advertising. Contextual advertising--showing ads based on content rather than behavior--gains importance as behavioral targeting becomes more restricted.
- Monitor regulatory developments: Privacy regulations continue to evolve across jurisdictions. Staying informed about upcoming changes helps marketers adapt strategies proactively rather than reactively.
- Invest in transparency: Build trust with audiences through clear communication about data practices. Transparent companies may see higher consent rates and stronger customer relationships.
- Plan for continued evolution: The changes to Meta's advertising model in Europe are not isolated--they represent a broader shift in how digital advertising operates globally. Preparing for this future now helps marketers build more resilient, privacy-first digital experiences through thoughtful web development practices.
For marketers, the key takeaway is that consent-based advertising is here to stay. User choice will increasingly drive what data is available for targeting, and building marketing strategies on consent-friendly foundations will provide long-term stability. Those who understand and work with these regulatory requirements rather than against them will be better positioned for success in the evolving digital advertising landscape.