A Facebook privacy breach has seen parent company Meta fined $1.3B – the largest amount ever imposed for breaking Europe’s tough GDPR privacy laws, according to WSJ sources. The news is expected to be officially announced later today.
The fine also raises questions about the privacy of US Facebook users, as it was levied for exposing European citizens to the much looser rules that apply to American users …
Personal data put at risk
Facebook’s main data centers for its global operations are based in the US. This means that data from users in other countries – including Europe – are sent to US servers for processing. In particular, Meta uses the data to identify interests in order to serve personalized ads in user feeds.
That used to be legal for citizens of EU countries, under an arrangement known as the Privacy Shield. This was supposed to ensure that European users were given stronger privacy protections even when their data was processed in the US.
However, Edward Snowden’s 2013 revelations about NSA surveillance of user data stored and processed by tech giants resulted in a complete reevaluation of the safety and privacy of personal information.
It also led privacy campaigner Max Schrems to challenge the legality of the Privacy Shield, and in 2020 a court agreed with him that it was illegal.
Even Apple has come under fire by Schrems, who claimed that its ad-tracking system broke privacy laws, and that its compliance with GDPR is inadequate.
Record fine for Facebook privacy breach
Meta continued sending the data of EU citizens to its US servers, and continued harvesting that data for ad purposes. The EU ordered the company to stop doing so – an order that Meta ignored.
The Wall Street Journal reports that this has seen Meta fined $1.3B.
The fine surpasses the previous record of 746 million euros, or $806 million, under the General Data Protection Regulation against Amazon in Luxembourg in 2021 for privacy violations related to its advertising business […]
In addition to imposing a fine, Monday’s decision also orders Meta to stop sending information about European Facebook users to the U.S., and delete data already sent, within six months.
Europe called Meta’s bluff
During earlier discussions, Meta had claimed that if it was no longer allowed to transfer data in this way, it would have no alternative but to cease to offer Facebook to European users.
This was clearly a ridiculous bluff, and by going ahead and levying the fine, the EU has made it clear that it is not willing to be blackmailed.
It won’t end here
US tech giants have been lobbying hard for a new arrangement to replace the Privacy Shield, allowing them to continue their data-harvesting activities.
The new deal would mean that data from European users could continue to be sent to US servers, but only if EU citizens were granted the right to appeal against government surveillance. The White House hasn’t yet put in place arrangements for this, so that deal is currently stalled.
Photo: Abigail Low/Unsplash
FTC: We use income earning auto affiliate links. More.
Comments