“The ability for data to be transferred across borders is fundamental to how the global open internet works”, Nick Clegg, Meta President of Global Affairs, together with Jennifer Newstead, Meta Chief Legal Officer, promptly replied in a report. “Without the ability to transfer data across borders, the internet risks being carved up into national and regional silos, restricting the global economy and leaving citizens in different countries unable to access many of the shared services we have come to rely on”.
After a three-year-old inquiry overseeing Meta’s operations in Europe, on Monday, May 22 the European Data Protection Commission fined Meta Platforms Inc. €1.2 billion ($1.3 billion) for violating General Data Protecion Regulation (GDPR), the EU privacy law, by irregularly transferring personal information of European Facebook users to the United States and effectively allowing American security services to access their personal e-mail addresses, phone numbers and financial data. For this reason, the DPC also gave the company co-founded by Mark Zuckerberg in January 2004 a six-month deadline in order to, as the announcement states, “cease the unlawful process, including storage, in the US”.
“We are therefore disappointed to have been singled out when using the same legal mechanism as thousands of other companies looking to provide services in Europe. This decision is flawed, unjustified and sets a dangerous precedent for the countless other companies transferring data between the EU and US”, Meta’s statement says. US privacy standards are different and less stringent than the ones included in the GDPR. And here is where the controversy starts. This kind of penalty, which is the highest privacy fine issued by the DPC that breaks the prior record of €746 million ($888 million) asked to Amazon.com Inc. in 2021, highlights ongoing uncertainty about how global businesses may legally transfer EU users’ data to servers overseas and could lead European companies to demand from the US partners to keep their data in Europe.
Meta is not the first entity to have been sued. The first one was former U.S. National Security Agency contractor Edward Snowden, who leaked documents about US intelligence collecting people’s data by Facebook and Google. The following was Austrian privacy campaigner Max Schrems who brought a legal challenge over the risk of U.S. snooping. It is not the first time and, for sure, it will not be the last.
Discussion about this post