The EU and US are working to develop a new trans-Atlantic data privacy regime, potentially as early as July, that would provide safeguards and assurances of privacy protections for data transferred and stored in the US. With Meta promising to appeal the latest decision an agreement might be reached in time to render this week’s judgement anachronistic.
What the decision and fine do demonstrate is that the Europeans take the data privacy of their citizens far more seriously than almost every other community with, as noted, the possible exception of China. As Meta noted, there is a fundamental conflict between the approach the US and other Western governments take to access to data and the Europeans’.
Indeed, there’s a massive difference to the way the US and other governments view big tech’s activities more broadly relative to the EU, where legislation regulating content moderation, the transparency of what they are doing with consumers’ data and anti-competitive practices are far more stringent and prescriptive than in most other jurisdictions.
(Twitter, for instance, having denuded its content moderation capabilities under Elon Musk, is facing a forced exit from Europe if it can’t demonstrate an ability to comply with a EU code on disinformation that is soon to become law).
Meta made the point that the ability of data to flow seamlessly across borders is fundamental to how internet commerce functions. It’s not just the big social media and e-commerce platforms that collect and use user data, but thousands of companies collect data from other countries’ citizens and, in an era of cloud computing, store it in data centres in their home countries.
Loading
“Without the ability to transfer data across borders, the internet risks being carved up in national and regional silos, restricting the global economy and leaving citizens in different countries unable to access many of the shared services we have come to rely on,” Meta said.
In the absence of a new agreement between the EU and US, Meta and many others – particularly those pursuing the “data for service” model employed by the social media platforms – will find it difficult, if not impossible, to collect or hold data on Europeans in their home markets.
They could, at great cost, replicate their (predominantly US) infrastructure and operations within a tight EU silo or excise the EU from their businesses. In Meta’s case, Europe represents about 10 per cent of its global revenues.
As concerning, if the Meta decision stands, it might have to remove all the existing data it holds related to Europeans, which would be a costly, and perhaps impossible, nightmare.
In some respects, the big tech companies have brought this outcome on themselves, and others.
They have been very aware that privacy is regarded very differently in Europe than it is in the US – the massive catalogue of fines they have built up would, by itself, have put them on notice – but ploughed on without significantly changing their practices.
The EU and US, as the lead protagonists in the debate about the relationship between data privacy and borderless commerce, need to devise a framework that protects one without unduly burdening the other.
Meta is aggrieved that it has been singled out. Not only do thousands of other companies use the same contractual mechanism to operate within Europe but so to does China. The EU hasn’t taken similar actions against China or Chinese companies although, ironically, the US is trying to do something analogous to TikTok that the EU has just done to Meta.
The sooner the EU, US and other advanced economies can come up with a shared view of how to manage and protect users’ data the better.
Loading
While it is the US technology companies that have been caught within the collision of the EU regime and its less aggressive US counterpart European companies are at a distinct disadvantage in trying to compete, given that they operate under the strictest of privacy laws while their competitors appear to treat the fines they face as something to be either endlessly appealed or perhaps just as the cost of doing business in Europe.
More broadly, the 21st Century global economy can’t function effectively or efficiently if data is quarantined within national borders. The EU and US, as the lead protagonists in the debate about the relationship between data privacy and borderless commerce, need to devise a framework that protects one without unduly burdening the other.
The Business Briefing newsletter delivers major stories, exclusive coverage and expert opinion. Sign up to get it every weekday morning.