Belgium (Brussels Morning Newspaper) The European Data Protection Board (EDPB) has just overruled a decision by the Irish Data Protection Commission (DPC) and announced that Meta, owner of Facebook, Instagram, and WhatsApp is fined 1.2 billion euros over violations of the EU’s General Data Protection Regulation (GDPR), now celebrating its fifth anniversary.
Since May 2018, regulators have possessed the right to fine a company up to 4% of its annual turnover for serious violations.
Many hi-tech behemoths – Meta and Apple included – based their operations in tax-friendly Ireland. Little did they know that its ferocious privacy watchdog would wipe out any tax savings they might have gained with this tax-sheltering move.
Meta did not take steps to mitigate, let alone eliminate “the risks to the fundamental rights and freedoms” of its users, explicated the Irish Data Protection Commission, though Meta acted in good faith and, therefore, did not deserve to be fined.
Meta was also given 5 months to “suspend any future transfer of personal data to the US” and 6 months to terminate “the unlawful processing, including storage, in the US” of users’ data.
Meta threatened in the past to withdraw from the EU altogether, but is unlikely to do so as it awaits the implementation of a new agreement on data flows between its two main markets.
A similar “Privacy Shield” pact, though, was annulled in 2020 by the Court of Justice of the European Union (CJEU). The tribunal left intact data transfers founded on standard contractual clauses (SCCs), but even this vestige was struck down by the Irish authority.
Still, EU regulators produced an alternative in December 2022 (the Data Privacy Framework or DPF) and Joe Biden reciprocated by issuing an executive order intended to reassure the EU and its denizens of safeguards in place to maintain the integrity of transferred data.
Alas, this morality play has no saints in it. Both parties are gaslighting each other – and the public at large.
Meta sports a stubbornly abysmal and scandal-ridden – almost contemptuous – record when it comes to the protection of the privacy of its users’ data.
The EU, on the other hand, is opaque, indecisive, and capricious in its trans-Atlantic data transfer policies which have been mired in a perpetual state of regulatory uncertainty.
The solution is a bilateral body. The EU and the USA should set up an independent organization to take care of the storage of users’ data and its disposal by all the technology companies in strict accordance with all relevant laws and regulations on both sides of the pond.
Chinese walls can guarantee commercial interests the same way accounts are handled in investment banks and brokerage firms.
But there is a much more fundamental problem: a digital philosophy divide between the USA and the EU and not only regarding access to information of all kinds.
The USA regards users’ data as commercial raw material and as evidence in both civil and criminal cases. Data, therefore, belong to enterprises, with access granted to the state as needed.
In contrast, the EU considers data to be the property of individuals to dispense with as they, please.
Yet, the EU’s position is somewhat disingenuous and untenable. Users do explicitly trade their personal information for the free use of a variety of services online. Law enforcement agencies should be able to access users’ data subject to court orders in any jurisdiction.
To hamper the free flow of data of any kind is to undermine the foundations of and fragment the Internet and other digital utilities and networks. It is too high a cost.
Data privacy is an elusive and illusory mirage and the GDPR is a pretentious piece of political theatre with little impact in the real world. Idealism and activism have their place, but not when they are rendered grandiose, destructive, and self-delusional.
Moreover: the EDPB’s ability to overrule a local regulator with intimate knowledge of affairs is worrying. Meta was not invited to appear in what amounted to an appeals process. It fell victim to an internal EU turf war, it would seem.
Meta was also singled out of thousands of other technology companies with identical data transfer practices. This oversight smacks of a political PR stunt, not justice. It is especially egregious when data transfers to the likes of China continue unabated and largely unchallenged.
Opinions expressed in the op-ed section are solely those of the individual author and do not represent the official stance of our newspaper. We believe in providing a platform for a wide range of voices and perspectives, even those that may challenge or differ from our own. As always, we remain committed to providing our readers with high-quality, fair, and balanced journalism. Thank you for your continued support.Sincerely, The Brussels Morning Team