State Champ Radio European Union
Page: 2
The European Union slapped Meta with a record $1.3 billion privacy fine Monday and ordered it to stop transferring users personal information across the Atlantic by October, the latest salvo in a decadelong case sparked by U.S. cybersnooping fears.
The penalty of 1.2 billion euros is the biggest since the EU’s strict data privacy regime took effect five years ago, surpassing Amazon’s 746 million euro fine in 2021 for data protection violations.
Meta, which had previously warned that services for its users in Europe could be cut off, vowed to appeal and ask courts to immediately put the decision on hold.
The company said “there is no immediate disruption to Facebook in Europe.” The decision applies to user data like names, email and IP addresses, messages, viewing history, geolocation data and other information that Meta — and other tech giants like Google — use for targeted online ads.
“This decision is flawed, unjustified and sets a dangerous precedent for the countless other companies transferring data between the EU and U.S.,” Nick Clegg, Meta’s president of global affairs, and chief legal officer Jennifer Newstead said in a statement.
It’s yet another twist in a legal battle that began in 2013 when Austrian lawyer and privacy activist Max Schrems filed a complaint about Facebook’s handling of his data following former National Security Agency contractor Edward Snowden’s revelations of electronic surveillance by U.S. security agencies. That included the disclosure that Facebook gave the agencies access to the personal data of Europeans.
The saga has highlighted the clash between Washington and Brussels over the differences between Europe’s strict view on data privacy and the comparatively lax regime in the U.S., which lacks a federal privacy law. The EU has been a global leader in reining in the power of Big Tech with a series of regulations forcing them police their platforms more strictly and protect users’ personal information.
An agreement covering EU-U.S. data transfers known as the Privacy Shield was struck down in 2020 by the EU’s top court, which said it didn’t do enough to protect residents from the U.S. government’s electronic prying. Monday’s decision confirmed that another tool to govern data transfers — stock legal contracts — was also invalid.
Brussels and Washington signed a deal last year on a reworked Privacy Shield that Meta could use, but the pact is awaiting a decision from European officials on whether it adequately protects data privacy.
EU institutions have been reviewing the agreement, and the bloc’s lawmakers this month called for improvements, saying the safeguards aren’t strong enough.
The Ireland’s Data Protection Commission handed down the fine as Meta’s lead privacy regulator in the 27-nation bloc because the Silicon Valley tech giant’s European headquarters is based in Dublin.
The Irish watchdog said it gave Meta five months to stop sending European user data to the U.S. and six months to bring its data operations into compliance “by ceasing the unlawful processing, including storage, in the U.S.” of European users’ personal data transferred in violation of the bloc’s privacy rules.
If the new transatlantic privacy agreement takes effect before these deadlines, “our services can continue as they do today without any disruption or impact on users,” Meta said.
Schrems predicted that Meta has “no real chance” of getting the decision materially overturned. And a new privacy pact might not mean the end of Meta’s troubles, because there’s a good chance it could be tossed out by the EU’s top court, he said.
“Meta plans to rely on the new deal for transfers going forward, but this is likely not a permanent fix,” Schrems said in a statement. “Unless U.S. surveillance laws gets fixed, Meta will likely have to keep EU data in the EU.”
Meta warned in its latest earnings report that without a legal basis for data transfers, it will be forced to stop offering its products and services in Europe, “which would materially and adversely affect our business, financial condition, and results of operations.”
The social media company might have to carry out a costly and complex revamp of its operations if it’s forced to stop shipping user data across the Atlantic. Meta has a fleet of 21 data centers, according to its website, but 17 of them are in the United States. Three others are in the European nations of Denmark, Ireland and Sweden. Another is in Singapore.
Other social media giants are facing pressure over their data practices. TikTok has tried to soothe Western fears about the Chinese-owned short video sharing app’s potential cybersecurity risks with a $1.5 billion project to store U.S. user data on Oracle servers.
The European Union’s executive branch said Thursday that it has temporarily banned TikTok from phones used by employees as a cybersecurity measure, reflecting widening worries from Western officials over the Chinese-owned video sharing app.
In a first for the European Commission, its Corporate Management Board suspended the use of TikTok on devices issued to staff or personal devices that staff use for work.
TikTok faces intensifying scrutiny from Europe and the U.S. over security and data privacy amid worries that the hugely popular app could be used to promote pro-Beijing views or sweep up users’ information. It comes as China and the West are locked in a wider tug of war over technology ranging from spy balloons to computer chips.
The EU’s action follows similar moves in the U.S., where more than half of the states and Congress have banned TikTok from official government devices.
“The reason why this decision has been taken is to … increase the commission’s cybersecurity,” commission spokesperson Sonya Gospodinova said at a press briefing in Brussels. “Also, the measure aims to protect the commission against cybersecurity threats and actions which may be exploited for cyberattacks against the corporate environment of the commission.”
Caroline Greer, TikTok’s Brussels-based public policy official, tweeted that the suspension “is misguided and based on fundamental misconceptions.”
“We have requested a meeting to set the record straight,” she said, adding that TikTok, which has 125 million users in the 27-nation European Union, is “continuing to enhance” its approach to data security. That includes opening three European data centers and minimizing data sent outside of the continent.
Commission spokespeople declined to say whether a specific incident triggered the suspension or what’s needed to get it lifted.
Staffers would be required to delete TikTok from devices that they use for professional business by March 15, EU representatives said, but did not provide any details on how that would be enforced for people who use personal phones for work.
In Norway, which is not a member of the 27-nation EU, the justice minister was forced to apologize this month for failing to disclose that she had installed TikTok on her government-issued phone.
TikTok also has come under pressure from the EU to comply with upcoming new digital regulations aimed at getting big online platforms to clean up toxic and illegal content along with the bloc’s strict data privacy rules.
TikTok’s CEO met Tuesday with European Union officials about strict new digital regulations in the 27-nation bloc as the Chinese-owned social media app faces growing scrutiny from Western authorities over data privacy, cybersecurity and misinformation.
In meetings in Brussels, Shou Zi Chew and four officials from the EU’s executive Commission discussed concerns ranging from child safety to investigations into user data flowing to China, according to European readouts from two of the meetings and tweets from a third.
TikTok is wildly popular with young people but its Chinese ownership has raised fears that Beijing could use it to scoop up user data or push pro-China narratives or misinformation. TikTok is owned by ByteDance, a Chinese company that moved its headquarters to Singapore in 2020.
U.S. states including Kansas, Wisconsin, Louisiana and Virginia have moved to ban the video-sharing app from state-issued devices for government workers, and it also would be prohibited from most U.S. government devices under a congressional spending bill.
Fears were stoked by news reports last year that a China-based team improperly accessed data of U.S. TikTok users, including two journalists, as part of a covert surveillance program to ferret out the source of leaks to the press.
There are also concerns that the company is sending masses of user data to China, in breach of stringent European privacy rules. EU data protection watchdogs in Ireland have opened two investigations into TikTok, including one on its transfer of personal data to China.
“I count on TikTok to fully execute its commitments to go the extra mile in respecting EU law and regaining trust of European regulators,” Vera Jourova, the commissioner for values and transparency, said after her meeting with Chew. “There cannot be any doubt that data of users in Europe are safe and not exposed to illegal access from third-country authorities.”
Caroline Greer, TikTok’s director of public policy and government relations, said on Twitter that it was a “constructive and helpful meeting.”
“Online safety & building trust is our number one priority,” Greer tweeted.
The company has said it takes data security “incredibly seriously” and fired the ByteDance employees involved in improperly accessing user data.
Jourova said she also grilled Chew about child safety, the spread of Russian disinformation on the platform and transparency of paid political content.
Executive Vice President Margrethe Vestager, who’s in charge of competition and antitrust matters, met with Chew to “review how the company is preparing for complying with its obligations under the European Commission’s regulation, namely the Digital Services Act and possibly under the Digital Markets Act.”
The Digital Services Act is aimed at cleaning up toxic content from online platforms and the Digital Markets Act is designed to rein in the power of big digital companies.
They also discussed privacy and data transfer obligations in reference to recent news reports on “aggressive data harvesting and surveillance in the U.S.,” the readout said.
Chew also met with Justice Commissioner Didier Reynders and Home Affairs Commissioner Ylva Johansson.
Reynders tweeted that he “insisted on the importance” of TikTok fully complying with EU privacy rules and cooperating with the Irish watchdog.
“We also took stock of the company’s commitments to fight hate speech online and guarantee the protection of all consumers, including children,” he said.
Chew is scheduled to hold a video chat with Thierry Breton, the commissioner for digital policy, on Jan. 19.
