It’s official (as if there was ever any doubt): the European Union (EU) has ordered Meta to pay a staggering $1.3 billion, and to stop transferring EU data to the US.
Per Associated Press, Meta plans to appeal the decision made by Ireland’s Data Protection Commission, and promises “no immediate disruption to Facebook [and, presumably, other services such as WhatsApp and Instagram] in Europe”.
Despite the fact that Meta is undoubtedly able to soak up even hefty fines like these, should the appeal fail, it could spell the end of Meta’s operations in EU territory.
Nick Clegg, Meta’s President of Global Affairs, was, along with Chief Legal Officer Jennifer Newstead, altogether less apologetic than usual in claiming that “this decision is flawed, unjustified and sets a dangerous precedent for the countless other companies transferring data between the EU and U.S.”
Being so uncomfortable with oversight, the former coalition government teaboy is, I suspect, quite at home in the US, which, as the AP notes, has no federal laws pertaining to data privacy.
That’s perhaps what has led to all of this coming crashing down for Meta. After Edward Snowden blew the whistle on the National Security Agency’s surveillance operations in 2013, Austrian privacy advocate and lawyer Max Schrems filed a complaint over how Facebook handled his personal data.
And as we’ve noted previously, a rework of EU data protections within the US, known as the Digital Privacy Framework, was ratified by President Joe Biden in October 2022, but is currently still being deliberated by the EU over concerns that it doesn’t quite go far enough, after the previous framework, Privacy Shield, was scrapped.
In its latest earnings report, Meta indeed warned that it may have to wind up services in Europe, saying that it would “materially and adversely affect our business, financial condition, and results of operations”. Forgive us if we don’t burst into tears.
Nigel Jones, co-founder of the Privacy Compliance Hub, thinks disruption to Meta services in the EU is quite likely. “The requirement to stop the storage of the personal data of EU individuals which it transferred unlawfully is a massive undertaking to carry out, financially, technically and logistically.”
“It’s difficult to see how it can cease the transfers and bring its processing within the law in the time given.”