LONDON, England – The European Union smacked Meta with a record $1.3 billion privacy punishment on Monday and ordered it to stop sending customers’ personal information across the Atlantic by October, the latest salvo in a decade-long case started by concerns about US cyber snooping.
The 1.2 billion euro penalty is the largest since the EU’s rigorous data privacy law was enacted five years ago, exceeding Amazon’s 746 million euro charge for data protection infringement in 2021.
Meta, which had earlier warned that services for its European consumers could be cut off, has vowed to appeal and ask courts to halt the judgment immediately.
According to the business, “there is no immediate disruption to Facebook in Europe.” The decision pertains to user data such as names, email and IP addresses, messages, viewing history, geolocation data, and other information used by Meta and other internet behemoths such as Google for targeted online advertising.
“This decision is flawed, unjustified, and sets a dangerous precedent for the countless other companies transferring data between the EU and the U.S.,” said Meta’s president of global affairs, Nick Clegg, and chief legal officer Jennifer Newstead, in a statement.
It’s the latest twist in a legal saga that began in 2013 when Austrian lawyer and privacy activist Max Schrems filed a complaint about Facebook’s handling of his data in the aftermath of former NSA contractor Edward Snowden’s revelations about electronic surveillance by US security agencies. This includes the revelation that Facebook gave agencies access to Europeans’ data.
The issue has highlighted the differences between Europe’s stringent approach to data protection and the more loose framework in the United States, which lacks federal privacy legislation. With a succession of legislation requiring them to police their platforms more closely and protect users’ personal information, the EU has been a global leader in limiting Big Tech’s power.
The EU’s top court threw down the Privacy Shield deal, which covered EU-US data transfers, in 2020, saying it didn’t do enough to shield people from the US government’s electronic probing. The judgment on Monday found that legal stock contracts, another instrument for governing data transfers, were also unconstitutional.
Last year, Brussels and Washington agreed on a revised Privacy Shield that Meta might utilize, but the agreement is awaiting a decision from European officials on whether it effectively safeguards data privacy.
EU authorities have reviewed the pact, and the bloc’s lawmakers this month urged for revisions, claiming that the safeguards are insufficient Meta.
The fine was imposed by Ireland’s Data Protection Commission, which serves as Meta’s principal privacy regulator in the EU’s 27-nation bloc, due to the Silicon Valley tech giant’s European headquarters being in Dublin.
The Irish watchdog said it gave Meta five months to stop sending European user data to the US and six months to bring its data operations into compliance “by ceasing the unlawful processing, including storage, in the US” of personal data transferred in violation of the EU’s privacy rules.
In other words, Meta must remove all that data, which may be a greater concern than the punishment, according to Johnny Ryan, a senior fellow at the Irish Council for Civil Liberties, a nonprofit rights organization focused on digital and data issues.
“This order to delete data is causing Meta a lot of grief,” Ryan explained. “It is very difficult to see how it will be able to comply with that order” if the business is required to scrub data for hundreds of millions of European Union users dating back ten years.
If a new transatlantic privacy agreement takes effect before the deadlines, “our services can continue as they do today without any disruption or impact on users,” according to Meta.
Schrems projected that Meta would have “no real chance” of having the verdict overturned. And according to him, a new privacy treaty may not be the last of Meta’s problems because it is likely to be overturned by the EU’s top court.
“Meta intends to rely on the new agreement for transfers in the future, but this is unlikely to be a long-term solution,” Schrems said. “Unless and until U.S. surveillance laws are changed, Meta will most likely have to keep EU data in the EU.”
Schrems suggested a “federated” social network in which European data is kept in Meta’s European data centers “unless users, for example, chat with a U.S. friend.”
In its most recent earnings report, Meta cautioned that if there is no legal basis for data transfers, it will be compelled to stop supplying its products and services in Europe, “which would materially and adversely affect our business, financial condition, and results of operations.”
If the transfers are eventually halted, the social media business may undergo a costly and difficult overhaul of its processes. According to its website, Meta has a fleet of 21 data centers. However, 17 of them are in the United States. Denmark, Ireland, and Sweden are the other three European countries. Another is located in Singapore.
Other social media behemoths are under scrutiny for their data practices. TikTok has attempted to assuage Western concerns about the Chinese-owned short video-sharing app’s potential cybersecurity hazards by announcing a $1.5 billion proposal to store user data in the United States on Oracle servers.
SOURCE – (AP)
