Tanya O’Carroll, a human rights campaigner, has secured a settlement with social media company Meta that prevents the use of her personal data for targeted advertising. This resolution follows an individual legal challenge she filed against Meta’s practices of tracking and profiling users, originally initiated in 2022.
O’Carroll contended that, according to U.K. and E.U. data protection laws, individuals have a legal right to object to the use of personal data for direct marketing. She argued that this law mandates that if a user objects, their data should no longer be processed for such purposes, thereby requiring Meta to cease tracking and profiling her for targeted advertisements.
Meta, in response, argued that its “personalized ads” did not constitute direct marketing. The case was scheduled for a hearing in the English High Court but was resolved through the settlement, thereby concluding the legal proceedings.
For O’Carroll, this represents a personal victory as Meta is now required to refrain from using her data for ad targeting while she uses its services. She believes this settlement could serve as a precedent, enabling others to assert their right to object to direct marketing and compel the tech company to respect their privacy.
In a conversation with TechCrunch, O’Carroll mentioned that once Meta agreed to her demands—specifically not to process her data for targeted ads—she had little reason to continue with the legal proceedings. She acknowledged the potential financial risk if the litigation had not succeeded.
O’Carroll described her victory as bittersweet, stating that she achieved her goal of demonstrating the existence of the right to object, which she believes applies to Meta’s business model and similar business practices on the internet, emphasizing that targeted advertising is indeed direct marketing. However, she noted that the matter was not resolved legally, as Meta was not required to admit liability.
Although the E.U. has established comprehensive legal protections like the General Data Protection Regulation (GDPR)—the basis of O’Carroll’s legal challenge—enforcing these laws against business models based on surveillance advertising, like Meta’s, has been challenging. Since GDPR’s inception in May 2018, multiple complaints against the company have surfaced, leading to regulatory challenges in enforcing compliance.
Despite Meta accumulating numerous GDPR fines, including some of the largest ever privacy fines for tech companies, altering its core business model of consentless surveillance remains difficult. However, enforcement actions are beginning to address this in Europe, and O’Carroll’s case highlights the feasibility of privacy advocacy.
O’Carroll also expressed optimism, pointing to the U.K.’s Information Commissioner’s Office (ICO) intervention in her case, which sided with her perspective. She suggested that this support could encourage other Meta users to object to data processing, increasing the likelihood of ICO backing if Meta rejects such requests.
Furthermore, O’Carroll indicated that Meta might shift to a “pay or consent” model in the U.K., similar to its strategy in the EU. This approach would require users either to agree to tracking or to pay for ad-free services. While she could not reveal detailed terms of the tracking-free access provided to her, she confirmed that she would not need to pay Meta.
