Global Courant 2023-05-22 19:52:00
LONDON –
The European Union on Monday imposed a record $1.3 billion privacy fine on Meta and ordered it to stop transferring users’ personal data across the Atlantic by October, the latest salvo in a decade-long case sparked by fears for cybersnooping in the US.
The €1.2 billion fine is the highest since the EU’s strict data privacy regime came into effect five years ago, surpassing Amazon’s €746 million fine in 2021 for data protection violations.
Meta, which had previously warned that services could be discontinued for its users in Europe, vowed to appeal and ask the courts to immediately suspend the decision.
The company said “there is no immediate disruption to Facebook in Europe.” The decision applies to user data such as names, email and IP addresses, messages, viewing history, geolocation data and other information that Meta – and other tech giants such as Google – use for targeted online advertising.
“This decision is flawed, unjustified and sets a dangerous precedent for the countless other companies transferring data between the EU and the US,” Nick Clegg, Meta’s president of global affairs, and chief legal officer Jennifer Newstead said in a statement.
It is yet another twist in a legal battle that began in 2013 when Austrian lawyer and privacy activist Max Schrems filed a complaint about Facebook’s handling of its data following revelations by former National Security Agency contractor Edward Snowden about electronic surveillance by US security forces. . That included the revelation that Facebook gave the agencies access to Europeans’ personal data.
The saga has highlighted the clash between Washington and Brussels over the differences between Europe’s strict view on data privacy and the relatively lax regime in the US, which lacks a federal privacy law. The EU has been a global leader in curbing the power of Big Tech with a series of regulations forcing them to more closely monitor their platforms and protect users’ personal information.
An EU-US data transfer agreement known as the Privacy Shield was struck down in 2020 by the EU’s highest court, which said it was not doing enough to protect residents from the US government’s electronic curiosity . Monday’s decision confirmed that another tool to regulate data transfers – legal inventory contracts – was also invalid.
Brussels and Washington signed a deal last year on a reworked privacy shield that Meta could use, but the pact is awaiting a decision from European officials on whether it adequately protects data privacy.
EU institutions reviewed the agreement and the bloc’s lawmakers this month called for improvements, saying the safeguards aren’t strong enough.
Ireland’s data protection commission has fined Meta’s lead privacy regulator in the bloc of 27 countries, because the Silicon Valley technology giant’s European headquarters are located in Dublin.
The Irish watchdog said it gave Meta five months to stop sending European user data to the US and six months to put its data business in order “by stopping its unlawful processing, including storage, in the US” of the personal data of European users who violated the privacy rules of the block.
In other words, Meta needs to erase all that data, which could be a bigger problem than the fine, said Johnny Ryan, a senior fellow at the Irish Council for Civil Liberties, a non-profit rights group that deals with digital and data issues.
“This order to delete data is really a headache for Meta,” Ryan said. If the company needs to clean data for hundreds of millions of users in the European Union going back 10 years, “it’s very hard to see how it’s going to be able to comply with that order.”
If a new transatlantic privacy agreement goes into effect before the deadlines, “our services can continue as they do now without any disruption or impact to users,” Meta said.
Schrems predicted that Meta has “no real chance” of materially reversing the decision. And a new privacy pact may not spell the end of Meta’s troubles, as it is likely to be rejected by the EU’s highest court, he said.
“Meta intends to rely on the new deal for future transfers, but this is unlikely to be a permanent solution,” Schrems said in a statement. “Unless U.S. surveillance laws change, Meta will likely have to keep EU data in the EU.”
Schrems said one possible solution could be a “federalized” social network, where European data stays in Meta’s data centers in Europe, “unless, say, users chat with an American friend.”
Meta warned in its latest earnings report that without a legal basis for data transfers it will be forced to stop offering its products and services in Europe, “which would have a material and adverse effect on our business, financial condition and results of operations .”
The social media company may have to undertake a costly and complex review of its operations if it is ultimately forced to halt transfers. Meta has a fleet of 21 data centers, 17 of which are in the United States, according to its website. Three others are located in the European countries of Denmark, Ireland and Sweden. Another is in Singapore.
Other social media giants are under pressure for their data practices. TikTok has sought to allay Western fears about the potential cybersecurity risks posed by the Chinese short video sharing app with a $1.5 billion project to store US user data on Oracle servers.
