The visual discovery engine Pinterest is facing a complaint from European privacy rights non-profit noyb, accusing it of breaching the EU's General Data Protection Regulation (GDPR) by failing to obtain consent from users to be tracked and profiled for advertising.

The complaint, filed with France's data protection authority, alleges that Pinterest is relying on a legal basis for processing people's data for ad targeting that is non-compliant with the GDPR. noyb argues that Pinterest must obtain Europeans' consent to run its personalized ads business, citing a July 2023 EU court ruling that denied Facebook owner Meta's ability to use legitimate interest as a legal basis for surveillance ads.

Pinterest, which has around 130 million regional users, tracks all of them by default to "personalize" ads, without obtaining explicit consent. The complaint also accuses Pinterest of failing to fulfill a GDPR data access request, not providing information on the categories of data shared with third parties.

The case highlights the importance of tech companies complying with EU privacy regulations, with potential penalties of up to 4% of global annual turnover for confirmed breaches. noyb is calling for Pinterest to delete any data processed for ads, inform users, and fulfill the complainant's data access request.