Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

MacRumors

macrumors bot
Original poster
Apr 12, 2001
64,387
32,195


Facebook owner Meta has been hit with a record $1.3 billion (€1.2 billion) fine by European Union regulators for mishandling user information, and has been ordered to suspend the transfer of data from users in the EU to the United States.

Facebook-Feature.jpg

The fine was issued by Ireland's Data Protection Commission, which regulates Facebook across the EU, after it ruled that the social network's data transfers to the U.S. "did not address the risks to the fundamental rights and freedoms" of EU users and violated General Data Protection Regulation.

The fine constitutes the largest ever imposed under the EU's GDPR privacy law, the previous one being a €746 million penalty issued to Amazon in 2021 for similar privacy violations.

In addition to the fine, Meta was given five months to suspend any future transfer of personal data to the U.S., and six months to end "the unlawful processing, including storage, in the U.S." of transferred personal data. Instagram and WhatsApp, which Meta also owns, are not subject to the order.

A previous mechanism to legally transfer personal data between the U.S. and the EU, known as the "Privacy Shield" pact, was struck down by the EU bloc's top court in 2020. The Irish regulator alleged that Meta infringed on the EU's GDPR laws when it continued to transfer personal data to the U.S. after 2020 despite the court ruling.

The issue has been ongoing for a decade after a legal challenge brought by Austrian privacy activist Max Schrems against Facebook in 2013, over concerns resulting from the Edward Snowden revelations that EU user data is not sufficiently protected from U.S. intelligence agencies when transferred across the Atlantic.

"This decision is flawed, unjustified and sets a dangerous precedent for the countless other companies transferring data between the EU and U.S.," said Nick Clegg, Facebook's president of global affairs, responding to the decision in a blog post. "We will appeal the ruling, including the unjustified and unnecessary fine, and seek a stay of the orders through the courts."

Article Link: Facebook Fined Record $1.3 Billion Over EU User Data Transfers to the US
 

wanha

macrumors 68000
Oct 30, 2020
1,617
4,610
This can have a huge impact on other companies as well. Google Analytics for example is already deemed illegal in the EU, yet businesses keep using it. Technically Office 365 or Teams would not even be allowed. I am sure even Apple is sending some data like the IP to the US (and yes, the EU deems an IP personal data)

No doubt this ruling can (and in all likelihood will) have some unintended consequences.

The EU's focus is on regulation and they're rather ignorant on innovation, which is why they often don't see foresee the problems their regulatory flexing creates until it's way too late and innovation has moved elsewhere.
 
Last edited:

t0rqx

macrumors 68000
Nov 27, 2021
1,665
3,965
In the meantime everyone is calling out China over privacy. While the US just transfer data without any serious consequences. The data is already transferred the fine is pennies. Who knows how much data is already transferred without us knowing.
 

cicalinarrot

macrumors 6502a
Apr 28, 2015
542
1,779
In the meantime everyone is calling out China over privacy. While the US just transfer data without any serious consequences. The data is already transferred the fine is pennies. Who knows how much data is already transferred without us knowing.
The China thing is... a little different.
Not that Facebook isn't dangerous or hasn't accepted money to help dictatorships interfere with foreign elections.
 

nothingtoseehere

macrumors 6502
Jun 3, 2020
454
521
There is a thing that I, living in Germany and therefore in the EU, do not understand:
After that mentioned court rule, countless sites/forums/portals sent new data protection arrangements to me, asking me for my consent to transfer data to the US. Of course, I clicked OK without looking at that tedious texts in detail.
Why didn‘t Facebook do this?
 

contacos

macrumors 603
Nov 11, 2020
5,063
19,542
Mexico City living in Berlin
There is a thing that I, living in Germany and therefore in the EU, do not understand:
After that mentioned court rule, countless sites/forums/portals sent new data protection arrangements to me, asking me for my consent to transfer data to the US. Of course, I clicked OK without looking at that tedious texts in detail.
Why didn‘t Facebook do this?

I heard giving consent is not sufficient either (one of the reasons Google Analytics is deemed illegal) because in order to know that you would have given consent, they already had to check things like your IP to know it is even you. At that point the ship has already sailed so to speak.

The issue isn’t even META, it’s the POTENTIAL of the US government demanding access to European citizens data on foreign soil by using U.S. based services. The issue is the US itself being deemed UNSAFE when it comes to personal data protection
 

constructor

macrumors regular
May 15, 2011
206
464
In the meantime everyone is calling out China over privacy. While the US just transfer data without any serious consequences. The data is already transferred the fine is pennies. Who knows how much data is already transferred without us knowing.
Classic whataboutism response. Chinese privacy invasions are very much being looked at as well, most of those are just more difficult to track and block.
 

constructor

macrumors regular
May 15, 2011
206
464
The issue isn’t even META, it’s the POTENTIAL of the US government demanding access to European citizens data on foreign soil by using U.S. based services. The issue is the US itself being deemed UNSAFE when it comes to personal data protection
The main issue is the US government's refusal to give credible assurances about respecting european users' data privacy on US soil, reserving the right to invade it whenever they feel like it.

That is why the ludicrous Privacy Shield agreement was correctly found to be worthless as was its equally pointless successor: Both were just PR fig leaves without any actual effect.
 

wanha

macrumors 68000
Oct 30, 2020
1,617
4,610
Personal privacy is a fundamental human right and its protection overrides less important concerns.

If a business model is based on the violation of fundamental rights then it has no justification to exist, simple as that.

But it isn't as simple as that.

We could go scorched earth in the name of privacy and eliminate ALL data collection that isn't explicitly agreed to, but we'd cause far more harm than we'd solve with such a unilateral and simplistic view.

There'a always a line to be drawn, because life isn't about a single priority. It's an amalgamation of countless priorities and it's society's job how to best balance them all.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.