Why has Meta Pixel use received AP fines?

Meta Pixel (formerly Facebook Pixel) is a tracking snippet websites install on their pages. On every page visit, data is sent to Meta — IP, browser, behaviour, conversion info. Meta uses this for advertising targeting (Custom Audiences, Lookalike Audiences). Three GDPR problems: (1) No valid consent: pixel often loads before the cookie banner or regardless of choice → unlawful processing (Art. 6). (2) Joint controller relationship: CJEU Wirtschaftsakademie 2018 established that the site owner AND Meta are joint controllers — so both liable + DPA/joint controller arrangement required. (3) Schrems II: Meta is in USA — data transfer issue. AP fines 2023-2025: multiple NL businesses fined for pixel without consent (typically €25k-€250k). Key ruling: NOYB (Schrems' NGO) has filed >100 complaints against NL sites loading Meta Pixel without consent. For websites: consent-conditional loading (Google Tag Manager with consent trigger), Meta DPA + Joint Controller Arrangement, IP anonymisation, Schrems II TIA. Or better: switch to EU-only analytics (Matomo, Plausible). For consumers: if you see a Meta Pixel loading without consent (browser DevTools → Network → "facebook" filter) → AP complaint. Tip: uBlock Origin blocks by default.