The European Union recently fined Meta, the parent company of Facebook, an unprecedented $1.3 billion for violating the EU’s sweeping privacy law, the General Data Protection Regulation. It’s a landmark move in the GDPR’s five-year lifespan, which could have U.S.-based tech companies like Meta reconsidering their privacy policies in a way noticeable to their tens of millions of users.
The Meta fine stemmed from a claim by the Irish Data Protection Commission that the Silicon Valley social media giant had broken European Union law by transferring personal data from EU users of Facebook to the United States. The GDPR was supposed to prevent such violations. The GDPR’s primary aim is to enhance individuals’ control and rights over their personal data and to simplify the regulatory environment for international business.
SOUTH CAROLINA CHIPS AWAY AT NANNY-STATE HEALTHCARE
But it’s not that simple when it comes to trans-Atlantic data transfers. A 2020 decision by the EU’s Court of Justice invalidated Europe’s existing legal mechanism for the routine transfer of data from EU residents to America, known as the EU-U.S. Privacy Shield. The court acted on concerns that the Privacy Shield was exposing Europeans’ online data to surveillance by U.S. law enforcement, such as the National Security Agency.
With the Privacy Shield invalidated and the GDPR in place, Meta was found in violation of the latter, which the EU adopted in April 2016, and began its operation a bit over two years later. The eight-figure Meta fine is the largest yet imposed on a U.S. company under GDPR’s rules about restrictions and obligations on entities collecting data from users in the EU.
In addition to the record fine, the regulator ordered Meta to suspend “any future transfer of personal data” from European Facebook users to the U.S. within five months. Meta also owns Instagram and WhatsApp, but those services were not implicated in the ruling.
A new agreement that would allow the data transfers was approved by the U.S. in 2022, but it is still awaiting ratification by the European Commission. The Trans-Atlantic Data Privacy Framework contains a new set of rules to limit access to data by U.S. intelligence authorities and, if passed in time, could eliminate Meta’s legal woes. But that timing is uncertain.
In the meantime, Meta plans to seek a stay of the orders and appeal the decision and the fine. In a blog post, the company’s global affairs president, Nick Clegg, and its chief legal officer, Jennifer Newstead, pointed out that this ruling stems not from “a fundamental conflict of law between the US government’s rules on access to data and European privacy rights.” They expressed hope that the issue would be resolved this summer as a broad matter of policy and assured users that there would be no disruption of services for the time being.
But if the European Commission doesn’t act, that might change. Meta would be left with two costly options. First, they could act to localize data from EU users, ceasing to transfer any of it to the U.S. That process has been a costly and lengthy undertaking for TikTok, the popular short-form video hosting service owned by Beijing, China-based ByteDance. In TikTok’s bid to assuage U.S. lawmaker concerns about data transfers from Americans to China, the company says it’s spent more than $1 billion reconfiguring its digital infrastructure.
The second possibility is that Meta could withdraw offering Facebook in the EU. It’s the most extreme option and would also be a costly one for the social media company. Facebook’s most lucrative market is the U.S./Canada sector, bringing in $29 billion in revenue in 2021, but Europe is its second biggest market, producing $29 billion in revenue that same year. Giving up roughly one-fourth of its revenue after losing a staggering amount of its value in the stock market last year would be another hard pill to swallow.
Neither option would address the thousands of other companies that make regular transfers of user data out of the EU and into the U.S.
CLICK HERE TO READ MORE FROM THE WASHINGTON EXAMINER
The EU’s Meta ruling shows privacy law, “as it is currently constructed, can make trade nearly impossible,” tweeted Anupam Chander, a Georgetown Law professor and expert on the global regulation of new technologies.
If policymakers don’t find a mechanism for the two markets to interact, Europeans will be left with fewer options and services. Seven of the top 10 global tech firms are U.S. companies; the EU boasts not one in the top 10.
