Meta's advertising business could be in serious trouble after European Union regulators found that it had illegally forced users to accept personalized advertisements.

The decision could force Meta to make changes to its business in the European Union, one of its largest markets.

Since the EU enacted a landmark data-privacy law aimed at limiting the ability of Facebook and other companies to collect information about users without their consent, the ruling is one of the most consequential. The law went into effect last year

The case is about how Meta gets legal permission to collect user data. Users must allow their data to be used for personalized ads or stop using Meta's social media services if they don't accept the company's terms of service agreement.

Ireland's data privacy board is Meta's main Regulator in the E.U. because the company's EuropeanHeadquarters are in Dublin.

The decision doesn't say how the company must comply with the ruling, but it could lead to Meta allowing users to choose if they want their data used for targeted promotions.

One of the most valuable parts of Meta is if a lot of users choose not to share their data. Information about a user's digital history is used by marketers to get ads in front of people who are the most likely to purchase. Meta generated $118 billion in revenue in 2011.

In the US, there is no federal data privacy law and only a few states have taken steps to create rules similar to those in the E.U.

Meta was already grappling with a major drop in advertising revenue because of a change made by Apple in 2021. A majority of users have blocked tracking, according to a survey.

Meta is trying to expand its business from social media to virtual reality called the metaverse. In the past year, the company's stock price has plummeted and it has laid off thousands of employees

There were two complaints against Meta in the last year. The power of the G.D.P.R. and how regulators use the law to force companies to change their business practices will be tested by Meta's appeal of the decision.

Facebook said in a statement that it was disappointed by the decisions and that it respected G.D.P.R.

Privacy groups hailed the result as a long-awaited response to companies gobbling up as much data as possible about people online in order to deliver personalized ads. Critics saw the decision taken more than four years as a sign that the G.D.P.R. is weak and slow.

Johnny Ryan is a privacy rights activists who is a senior fellow at the Irish Council for Civil Liberties. Big Tech may be in for a much rougher ride according to the judgement.

The Irish authorities initially ruled that Meta's use of terms of service for permission was legal, but they were overruled by a board.

There has been a lack of regulatory clarity on this issue, and the debate among regulators and policymakers about which legal basis is most appropriate in a given situation has been ongoing for some time.

There are signs that the E.U. is cracking down on tech companies. The new E.U. laws aim to stop anticompetitive practices in the tech industry and force social media companies to more aggressively police user-generated content. In order to avoid antitrust charges, Amazon made changes to how products are sold on its platform.

A data leak discovered last year that led to the personal information of more than 500 million Facebook users being published online resulted in a hefty fine for Meta.

The European Court of Justice is expected to rule on cases that could change Meta's practices. The enforcement has not matched the rhetoric of the policymakers. There are thousands of data protection complaints that need to be addressed, according to Max Schrems, an Austrian data protection activist.

He said that the enforcement is not happening, even though you have all these rights.