What Happens in the EU Stays in the EU
The Data Protection Commission in Ireland issued a decision concerning Meta’s (FB) use and transfer of data that was collected in the EU, under its 2018 GDPR (General Data Protection Regulation), that was adopted by the European Data Protection Board. The decision, the end result of a battle between the EU and Meta over the transfer of customer information from Meta Ireland to Meta US originally led to a judicial review in Ireland back in 2020 based on a draft decision made way back in 2016 over the same issue, which states that Meta ‘failed to guarantee a level of protection to data subjects that is essentially equivalent to that provided by EU law.”
The ruling ordered that the data transfers be suspended and processing and storage of the data in the US also be suspended, along with a €1.2b ($1.33b) fine, to own knowledge the largest fine ever levied under the GDPR. The original complaint even cites leaks by Edward Snowden, indicating that the NSA was operating surveillance programs on systems operated by some of the largest technology companies, as a basis for the illegality of the transfers to US soil, which tacitly the US confirmed. More to the point however was the accusation that the data was both collected without the user’s permission, and was used for purposes that user did not agree to
The ruling, which gives Meta 6 months to halt the transfer practice, will be appealed by the EU, and will likely drag out for many months, as had the €746m GDPR that was levied against Amazon (AMZN) in July 2021 (still unpaid), although the GDPR has certainly been a major step forward toward the protection of privacy, at least in the EU, and a similar edict should, in our opinion, be legislated in the US. That said, with everyday partisan politics in the US, it is hard enough to keep the country from defaulting on its debt, let alone pass legislation that might cause major companies in the US to think before they mine every scrap of data and sell it to whoever might pay for it. We can dream, right?
The ruling ordered that the data transfers be suspended and processing and storage of the data in the US also be suspended, along with a €1.2b ($1.33b) fine, to own knowledge the largest fine ever levied under the GDPR. The original complaint even cites leaks by Edward Snowden, indicating that the NSA was operating surveillance programs on systems operated by some of the largest technology companies, as a basis for the illegality of the transfers to US soil, which tacitly the US confirmed. More to the point however was the accusation that the data was both collected without the user’s permission, and was used for purposes that user did not agree to
The ruling, which gives Meta 6 months to halt the transfer practice, will be appealed by the EU, and will likely drag out for many months, as had the €746m GDPR that was levied against Amazon (AMZN) in July 2021 (still unpaid), although the GDPR has certainly been a major step forward toward the protection of privacy, at least in the EU, and a similar edict should, in our opinion, be legislated in the US. That said, with everyday partisan politics in the US, it is hard enough to keep the country from defaulting on its debt, let alone pass legislation that might cause major companies in the US to think before they mine every scrap of data and sell it to whoever might pay for it. We can dream, right?
RSS Feed