Yet another EU data privacy fine for Meta. This time, Meta was fined $1.3 billion for another EU data privacy violation – a new record!
According to The New York Times (Meta Fined $1.3 Billion for Violating E.U. Data Privacy Rules, written by Adam Satariano and available here), Meta on Monday was fined a record 1.2 billion euros ($1.3 billion). Perhaps even worse, Meta was also ordered to stop transferring data collected from Facebook users in Europe to the United States, in a major ruling against the social media company for violating European Union data protection rules.
The penalty, announced by Ireland’s Data Protection Commission, is potentially one of the most consequential in the five years since the European Union enacted the General Data Protection Regulation (GDPR). Regulators said the company failed to comply with a 2020 decision by the EU’s highest court that Facebook data shipped across the Atlantic was not sufficiently protected from American spy agencies.
But it remains unclear if or when Meta will ever need to cordon off the data of Facebook users in Europe. Meta said it would appeal the decision, setting up a potentially lengthy legal process.
At the same time, European Union and American officials are negotiating a new data-sharing pact that would provide legal protections for Meta and scores of other companies to continue moving information between the United States and Europe — a pact that could nullify much of the European Union’s ruling on Monday. A preliminary deal was announced last year. So, that may be the silver lining in all of this for Meta.
The ruling, which comes with a grace period of at least five months before Meta needs to comply, applies only to Facebook and not Instagram and WhatsApp, which Meta also owns. The company said that there would be no immediate disruption to Facebook’s service in the European Union.
On Monday, Meta said it was being unfairly singled out for data-sharing practices used by thousands of companies.
“Without the ability to transfer data across borders, the internet risks being carved up into national and regional silos, restricting the global economy and leaving citizens in different countries unable to access many of the shared services we have come to rely on,” Nick Clegg, Meta’s president of global affairs, and Jennifer G. Newstead, the company’s chief legal officer, said in a statement.
This is the third multi hundred million dollar fine for Meta in less than a year. Last year, the Irish DPC also slapped Instagram with a fine of €405 million after an investigation found the social media platform mishandled teenagers’ personal information in violation of strict European Union data privacy rules. And they were also fined another $277 million by the Irish DPC following a probe that found the social-media company had failed to apply strict safeguards required under GDPR.
The fact that Meta was fined $1.3 billion today means they’re up to about $2 billion – in less than a year!
So, what do you think? Are you surprised that Meta was fined $1.3 billion today? And do you think it will get them to change things? Please share any comments you might have or if you’d like to know more about a particular topic.
Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by my employer, my partners or my clients. eDiscovery Today is made available solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Today should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.
Lots to analyze here so just a few short notes:
1. What is important to note is that Meta is very much the sacrificial lamb as far as data transfer crackdowns go; look no further than other Big Tech 10K reports which all pretty much admit they are/may be in breach of GDPR due to their operations. And, yes, you need to read such stuff to follow Big Tech.
Just a snip from Apple’s 10K about the GDPR: “The Company may incur substantial costs in the future should it [the Commission] require the Company to change its business practices. Noncompliance could result in significant penalties or legal liability.”
As to the decision itself:
First, I actually think it is reasonable that the Court held that the SCC’s did not apply to Meta’s data transfers, for the reasons elucidated above.
Second, though, I would argue that Meta ought be able to condition usage of its products on users agreeing to have their data moved to the U.S. : we can have our debates about the actual value of the data collected by Meta in the course of providing their service (I think it’s overstated), but the idea that you provide payment for a good ought to be inviolable; what bothers me about so many of these E.U. rulings is the insistence that E.U. citizens get something for nothing, instead of taking responsibility for their own decisions about whether or not to use a service (relatedly, I am absolutely in favor of more transparency around the actual costs).
It’s worth noting that this burden falls even more heavily on small- and medium-sized businesses, who simply don’t have the wherewithal to maintain distinct E.U. data programs; it’s pretty well-established at this point, though, that the E.U. simply doesn’t care about this category of business.They could go after 100s of EU violators but they are too small.
And the EU isn’t trying to protect its own. They just want €€€€€. No European competitors will fill in the gap. Any company that wishes to achieve scale needs to do so in its home market first, before going abroad, but it seems far more likely that Europe will make the most sense as a secondary market for companies that have done the messy work of iterating on data and achieving product-market fit in markets that are more open to experimentation and impose less of a regulatory burden. Higher costs mean you need a greater expectation of success, which means a proven model, not a speculative one. EU companies simply cannot scale.
And nobody takes Meta seriously when it said in its press release they might “be forced to abandon the E.U. Beyond the fact the company had $25.8 billion in revenue in the bloc (plus the U.K) last year, it’s pretty important for a social network to have as many people on that network as possible. Costs will go up, though, and it’s plausible that some services — particularly those related to AI — simply aren’t available.
And there’s the rub – AI specifically. AI-focused data centers are extremely expensive, and large training runs benefit from more data rather than less. It is a pretty tall order to build a dedicated European facility for E.U. data alone, which, per Meta’s previous fine, may not even be usable. It makes much more sense to have dedicated facilities that can be leveraged across the rest of the world, limiting capital expenditure on one hand and maximizing data availability on the other.
There is much more to this case than meets the eye.
[…] post Meta Fined $1.3 Billion for EU Data Privacy Violation: Data Privacy Trends appeared first on eDiscovery Today by Doug […]