"Facebook owner Meta Platforms was fined $1.3 billion by European Union regulators for sending user information to the U.S., a record privacy penalty for the bloc.
The ruling raises pressure on the U.S. government to complete a deal that would allow Meta and thousands of multinational companies to keep sending such information stateside. The size of the fine underscores the increasing risks of running afoul of the European Union's privacy rules as its enforcement tightens.
Technology companies have been especially vulnerable to European regulatory scrutiny over privacy concerns. That has increased since European courts overturned in 2020 a previous, data-sharing deal between the U.S. and EU.
Most large international companies -- not just tech companies -- rely on a relatively free flow of data across the Atlantic, and the steep fine punctuates the risks companies of all stripes are taking without a new deal in place.
Meta's top privacy regulator in the EU said in its decision on Monday that Facebook has for years illegally stored data about European users on its servers in the U.S., where it contends the information could be accessed by American spy agencies without sufficient means for users to appeal.
The 1.2 billion euro fine surpasses the previous record of 746 million euros, or $806 million, levied under the General Data Protection Regulation, against Amazon in Luxembourg in 2021 for privacy violations related to its advertising business. Amazon has appealed that decision in Luxembourg courts.
The fine represents a step change from EU privacy regulators, who are increasing their enforcement of the GDPR, the bloc's privacy law, some five years after it came into effect. A board of EU regulators has taken more control over cross-border decisions -- and has insisted on bigger fines, people familiar with the deliberations say.
Ahead of Monday's decision, the EU board insisted Ireland issue a fine of between 20% and 100% of the maximum allowable penalty, the decision said. The GDPR allows for a fine of up to 4% of worldwide annual revenue, or nearly $4.7 billion in Meta's case. Ireland's Data Protection Commission issued the fine and order because it leads the enforcement of the GDPR for Meta, which has its European headquarters in Dublin.
"Facebook has millions of users in Europe, so the volume of personal data transferred is massive," said Andrea Jelinek, chair of the board of EU privacy regulators. "The unprecedented fine is a strong signal to organizations that serious infringements have far-reaching consequences."
Monday's decision orders Meta to stop sending information about Facebook's European users to the U.S., and delete data already sent, within about six months. Meta said it could avoid that order if Washington completes a new trans-Atlantic agreement with the EU to allow data transfers before then.
Meta said it would appeal the ruling and seek a stay to delay its suspension orders. "This decision is flawed, unjustified and sets a dangerous precedent for the countless other companies transferring data between the EU and U.S.," Meta said in a blog post responding to the decision.
Meta, alongside many other U.S.-based tech companies, moves data from Europe to the U.S., where the company operates its main data centers to offer its services. Meta has said in securities filings that if ordered to suspend transfers, it may have to stop offering services in the EU, where it says it has more than 255 million Facebook users. The European region accounts for nearly a quarter of Meta's revenue.
The fine and suspension order are the biggest step that EU regulators have taken thus far to enforce a 2020 ruling about data transfers from the bloc's top court. That ruling restricted how companies such as Meta can send personal information about Europeans to U.S. soil, because it found that Europeans have no effective legal way to challenge American government surveillance.
The U.S. has said its surveillance practices include safeguards for privacy and civil liberties, but has moved to give Europeans more ability to challenge them.
While Monday's decision covers only Facebook, the issues underlying it affect Meta's other units -- as well as thousands of other multinational companies that store or access data about Europeans from computers inside the U.S.
Without a U.S.-EU deal, big tech companies as well as other companies that use their services, could find themselves the targets of EU privacy investigations of their own, aimed at ordering them to suspend data flows to the U.S. Hanging in the balance are tens if not hundreds of billions of dollars in trade in industries such as advertising, artificial intelligence, human resources and cloud services.
Tech companies are particularly affected because the 2020 EU court ruling is focused in part on surveillance powers in Section 702 of the U.S.'s Foreign Intelligence Surveillance Act, which can compel electronic-communications providers to turn over information on their users. Under a newly proposed U.S.-EU data deal, the EU would lift many of the restrictions on companies sending data to the U.S., provided the U.S. addressed the concerns raised by the EU court -- for instance by giving Europeans new rights to appeal surveillance.
The replacement deal hasn't been officially completed by EU officials because they say the U.S. government hasn't fully implemented its end of the bargain. Some European politicians have said they think the deal should be further renegotiated.
"After almost three years of failed negotiations, it's possible we're underestimating the EU's willingness to withhold a deal and dare Meta to actually turn off service there," said Paul Gallant, an analyst with investment bank TD Cowen.
A spokesman for the European Commission, the EU's executive body, said the bloc was completing its framework for data protection between the U.S. and EU and expected it to be in place by the summer." [1]
1. Meta Hit With EU Record Privacy Penalty --- The $1.3 billion fine puts pressure on U.S. to make deal allowing for data transfers. Schechner, Sam.
Wall Street Journal, Eastern edition; New York, N.Y. [New York, N.Y]. 23 May 2023: A.1.
Komentarų nėra:
Rašyti komentarą