The Irish privacy watchdog did Meta have a sample fined €1.2 billion for failing to comply with GDPR provisions. Facebook’s parent company would namely transmitted users’ data to the United States, without demonstrate That their privacy would be guaranteed there. The Cracked Privacy Shield plays a important role. Meta is put under pressure to stopping that data transmission. In this blog, we will explore whether it is possible for Meta to stop data transfers to the US and whether they can still have a future in the EU.
-
The continued and repeated violations of Meta
Ireland’s privacy regulator has given Meta a GDPR fine of €1.2 billion.
This fine is the highest handed out since the GDPR went into effect. Previously, this title belonged to Amazon, which was fined 746 million euros last year.
This is not the first time Meta and its subsidiaries have faced European fines of hundreds of millions of euros for privacy violations.
2. Which companies still received fines?
For example, Whatsapp was fined 225 million euros in 2021. Indeed, the Irish Data Protection Commission was of the opinion that WhatsApp did not provide enough clarity about what the platform does with all of its users’ personal data.
Facebook was also fined 60 million euros that same year, as French regulator CNIL found that Facebook made it too difficult to refuse cookies. Whereas users could accept all cookies with just one click, they had to click through several times to reject these cookies.
3. Is META’s fine correct?
However, the European Data Protection Board (EDPB) believes that this fine is correct.
The violations of the GDPR committed by Meta are very serious and occur repeatedly and continuously, according to the EDPB. Specifically, the controversial “standard contractual clauses” are the problem.
These so-called sccs are a remnant of the discontinued Privacy Shield treaty, which was banned by the European Court of Justice (“ECJ”) in 2020. The said treaty allowed Tech companies from America to store data of European users.
However, the ECJ decided that America did not adequately protect this data, and so the Privacy Shield Treaty came to an end.
With the termination of this treaty, there is no longer a legal basis under which European data may be sent to the US.
3. Sneak routes that American companies had:
The only shortcut American companies still had were the sccs, through these model contracts they could at least pretend to have an agreement with a user for the transfer of their personal data.
Thus, there would still be a good reason to send the data to the US. However, these scc’s are not enough, the Irish privacy regulator has cited several times that data subjects are not given enough clarity about what exactly happens to their data.
For this, Meta and Google have been taken to task several times. Privacy watchdogs are particularly concerned that the US government can access the data of European data subjects and even expect companies like Google and Facebook to provide European data to the government under US law 50 US Code § 1881(b) (4).
Threatening exit from EU
The Irish privacy regulator is giving Meta a five-month period to find a new basis for collecting data from European users.
Meta itself strongly disagrees with the privacy regulator’s decision and intends to challenge it. Indeed, they believe that the error did not arise from their company’s methods but from the fundamental legal conflict between U.S. government rules and European privacy rights.
Meta has cited several times in the past that if a new framework is not adopted, and thus the company is no longer allowed to use model agreements, it will be impossible to offer some of its “most significant products and services,” including Facebook and Instagram, in the EU.
Sharing data across countries and regions is absolutely critical to providing its services and targeted ads, according to Meta.
Does Biden bring the solution?
A new Privacy Shield is in the works. It was already announced last year by Joe Biden and European Commission President Ursula von der Leyen that a
agreement
was reached for legal data transfers between the EU and US.
The
Committee on Civil Liberties, Justice and Home Affairs of the
Europee
s Parliament
does not, however, want the European Commission to decide on the proposed EU-US data protection pact at this time.
Indeed, it concluded that the proposed Privacy Shield does not create a de facto equivalence in terms of the level of protection provided under the GDPR.
Privacy activist Max Schrems also spoke out against the new draft decision. He believes the new Privacy Shield is unlikely to change the way U.S. intelligence agencies operate.
Meta’s future in Europe is an uncertain one. The future will have to show whether the new Privacy Shield provides a solution for Meta. In any case, we don’t think it’s a bad idea to already start thinking about a future without Instagram or Facebook in Europe.
