Pinterest, the popular image-sharing platform, is facing a new privacy challenge in the European Union. The Irish Data Protection Commission (DPC), the lead privacy regulator for many major tech companies, has received a formal complaint alleging that Pinterest is illegally tracking users’ online activity to target them with personalized ads.

The complaint, submitted by the privacy advocacy group Noyb, claims that Pinterest violates the EU’s General Data Protection Regulation (GDPR) by:

Collecting excessive amounts of personal data without explicit user consent. This includes data like browsing history, location, and even social media interactions, which are then used to create detailed profiles for targeted advertising.

Failing to provide users with sufficient transparency about how their data is used. The complaint alleges that Pinterest’s privacy policies are overly complex and do not adequately explain the full extent of its data collection practices.

Not offering users clear and effective options to opt-out of data tracking. Noyb argues that Pinterest’s current opt-out mechanism is buried deep within its settings and is not readily accessible to users.

The DPC is currently investigating the complaint. If it finds that Pinterest has violated the GDPR, the company could face significant fines and be ordered to make changes to its data collection practices. This could include removing certain tracking features, improving transparency, and providing users with more control over their data.

This complaint is part of a growing trend of privacy scrutiny for tech giants in the EU. The GDPR has given individuals greater control over their personal data, and privacy advocacy groups are actively challenging companies that they believe are abusing this data. Pinterest’s case will be watched closely by other tech firms operating in Europe, as it could set a precedent for future privacy enforcement.