Meta has been hit by a €1.2 billion fine by the Irish DPC. This for transferring personal data to the US.
Back in 2020, we reported on a major court ruling out of Europe. In a court case that made it all the way to the highest courts of the land, the courts ruled that personal data must be protected despite the so-called privacy shield laws. The General Data Protection Regulation (GDPR) laws say that you need permission to have your personal information sent out of your country. At minimum, that information should be anonymized.
To circumvent that, the US got Europe to enact a so-called “privacy shield” law. Essentially, the law says that the US is a perfectly reasonable country to send personal information to. Therefore, that data doesn’t need to be anonymous. The law was hugely controversial for obvious reasons. After all, what’s the point of having privacy laws when US companies can just take whatever they like anyway? Long story short, the courts agreed with that sentiment and said that DPA’s (Data Protection Authorities) should be able to review the information before leaving Europe. EDRI, at the time, hailed the ruling as a major victory, invalidating the shield law in the process.
Large corporations, of course, weren’t happy with this ruling because the gravy train of personal information might be slowed in some major regions of the world. For instance, Facebook threatened to leave Europe altogether unless it can continue to have unfettered access to the personal information of European citizens.
Fast forward to today and we are learning that Facebook decided to just continue as business as usual. That decision has apparently cost them. the Irish DPC has fined Meta €1.2 billion for privacy violations. From Reuters:
Meta (META.O) was hit with a record 1.2 billion euro ($1.3 billion) fine by its lead European Union privacy regulator over its handling of user information and given five months to stop transferring users’ data to the United States.
The fine, imposed by Ireland’s Data Protection Commissioner (DPC), came after Meta continued to transfer data beyond a 2020 EU court ruling that invalidated an EU-U.S. data transfer pact. It tops the previous record EU privacy fine of 746 million euros handed by Luxembourg to Amazon.com Inc (AMZN.O) in 2021.
The battle over where Meta’s Facebook stores its data began a decade ago after Austrian privacy campaigner Max Schrems brought a legal challenge over the risk of U.S. snooping in light of disclosures by former U.S. National Security Agency contractor Edward Snowden.
Meta said in a statement that it will appeal the ruling, including the “unjustified and unnecessary fine that “sets a dangerous precedent for countless other companies.” It will also seek a stay of the suspension orders through the courts.
The social media giant reiterated that it expected a new pact facilitating the safe transfer of EU citizens’ personal data to the United States would be fully implemented before it has to suspend transfers.
So, Meta says that it will continue to fight against that and avoid paying out the fine.
For those asking how on earth people like us propose to hold these large tech companies accountable, I say this is exactly how you hold these companies accountable. The misuse of people’s personal information has been well documented with this company. You want these companies respecting people’s privacy and give people control over how these companies use the information they collect on you. If they flaunt the rules and do whatever they like, fine the living daylights out of them. That money can be used to pay for plenty of government programs afterwards. Heck, maybe use that money to fund programs that subsidize some members in the media industry. That would be a method I would be entirely on board with.
Unfortunately, Canada is continuing to slow walk privacy reform. After nearly a decade, Canadian’s are still waiting for something that will hold these companies accountable. In the mean time, Canada is stuck with grossly outdated privacy laws that result in strongly worded letters, a warning of “don’t do that again”, a pat on the head and sending these companies on their way. If Canada had real privacy laws, the country wouldn’t have any problem funding news media companies and we, as a country, would be encouraging better protections of people’s personal information. It’s a win for everyone.
Instead, the government is pushing for link taxes through Bill C-18. As a result, the government is putting the whole news sector at risk as the large platforms threaten to drop news links altogether, choking off a number of these companies main source of traffic – all for financial gains destined for the largest players and leaving the smaller players with, as one witness in the hearings said, “crumbs” – and that’s a best case scenario with such a law.
So, once again, Europe is showing the world how to handle large tech companies. We can all hope that North American countries will eventually head into that direction and, who knows? Maybe North America can also be home of strong digital advertising regulations as well? We can only dream that governments finally start doing the right thing, anyway.
Drew Wilson on Twitter: @icecube85 and Facebook.
