Meta facing third fine of 2023 for mishandling EU user data under GDPR Meta is set to face what may be a record fine for failure to comply with the GDPR by shipping user data belonging to EU residents to the US without proper guarantees it would remain safe from inspection by authorities. The fine, which is to be levied by Ireland's Data Protection Commission (DPC) against Zuckercorp, remains …
Hard to understand why Meta leaves itself open to this. Once they are big enough to have datacenters here, there, and everywhere, they should just (say they) process data in the local data centre. As long as it a was vaguely credible try, nobody could actually pin anything on them.
Hard to understand why Meta leaves itself open to this.
Easy. Until now, the fines were low enough to be written off as the cost of doing business. At most they served fewer cookies during meetings for a bit but the fines barely registered in their accounts, and that's the only metric that matters, especially for US companies.
I'm hoping that the next fine will be massive because as long as profits substantially exceed fines nothing will change.
Easy fix?
The Patriot Act. Meta would need to create a fully independent EU based company to run it's services within the EU with no connection to the US based Meta. MS tried to do that in Ireland and the US still came knocking on the door with legal threats to hand over data as it wasn't independent enough by their rules. The EU and Ireland were a bit miffed about that and it dragged on and on until some sort of compromise was worked out in favour of the US.
> Easy fix?
Well, in comparison to getting b____slapped with ever increasing fines by the EU, the fix will seem easier and easier I'd say.
Because, and here is what The-Artist-Formerly-Known-As-Facebook and similar companies that live from selling ads, will have to learn: The EU needs them alot less, than they need the revenue from the 3rd largest economic zone in the world, especially since the 2nd largest is an autocratic dictatorship, that has even less qualms about kicking them out, and has it's own "social" media platforms on top of that.
BeReal Has 73.5 Million Active Monthly Users
This is a new social media company based in France. Dunno who owns it, I'm not that interested, but it's based in and headquartered in the EU. At the very least, they can't claim ignorance or "operational difficulties" in terms of GDPR compliance since GDPR pre-dates their founding and is most definitely in their jurisdiction :-)
"In August 2022, BeReal reached 73.5 million active users. Additionally, 20 million of those users access the app daily. That was a significant jump from July when the app had 21 million monthly active users.
BeReal had 13.89 million downloads in the Apple App store in September 2022. This is nearly double the runner-up, TikTok, which had 7.51 million downloads in the same month."
So, maybe Facebook/Twitter et al no longer have the "pull" to threaten to leave the EU if the EU doesn't dance to their tune? Maybe the Zuck saw this coming and that's why Meta was created. Facebook may be the biggest part of Meta, but the structure allows Facebook to shrink or fail while protecting Meta and it's other subsidiaries. Others have grown "too big to fail" and still failed :-)
The thing is, from the point of view of a global political power at the scale of the EU, they were never "too big to fail".
These aren't banks, or major production industries, or some vital infrastructure service. It's social media. Sure, people would be pi$$ed if they had to find someplace else where they can post their food pictures, but the wheels of the world would keep turning, wages would be paid, the sun would rise on the morrow.
@NoneSuch
"Keep European citizens info inside Europe."
Why? The point of facebook and such is to deal in the practically valueless data that must be processed in huge volume just to be at all worth any profit. While some people have their issues with social media (understandably) there are obviously a lot of people who value the platforms. Which only exist without monetary cost due to the vast volume of data.
Keeping data in silo's of countries could be worth less than nothing and would remove something that the people want. Anyone remember when the internet was to be a free space without borders and government interference.
Does, for example, a US company actually need specific identifiable data on, say, EU citizens, or is the genuinely anonymised and/or aggregated data really all they need? Do they need to know exactly where *I* live and what websites *I* visit, or do they really only need to know that a certain number of people *like* me, in a particular region, visit certain types of websites, all the processing being done inside the EU and only the results sent to the US? I suspect that most of the granularity of individuals data is actually useless to almost everyone other than the people doing the initial data collection and so has little to no need to ever leave the country of origin.
So-called targetted advertising, as all readers here are aware, is rarely properly targetted and, if anything, is more likely to show stuff you previously had a passing interest in, or bought, than to show stuff you might be interested in soon. Because I used a car insurance comparison site, a number of car insurers send me snail-mail about a month before it;s due, but even when online with script/ad/cookie blockers off, I don't see any car insurance ads. Maybe my precautions are actually working? Maybe the "browser fingerprint" and other tech to get around blockers simply doesn't work as advertised?
The funniest one, of course, the "Also bought..." on shopping websites (looking at you, Amazon). I go there, buy a Raspberry Pi (I can wish LOL), an HDMI cable and a boc of chocolates for my wife (she can wish LOL) and the next person looking at a Raspberry Pi sees "People who bought this item also bought a box of chocolates" WTF? So what? I suspect that is very unlikely to attract an impulse buy from someone whereas "Also bought..." links to suitable Pi accessories more likely would.
"Does, for example, a US company actually need specific identifiable data on, say, EU citizens, or is the genuinely anonymised and/or aggregated data really all they need? "
They may or may not need it today, but they may find a need for it tomorrow. They don't know, storage is incredibly cheap, and you never know what trends the data sniffers will snort out. But they don't care what the law is - they will grab all they can and you have to prove they took it, and a fine won't matter at all.
If the EU wanted to put some teeth behind this, demand that the android show for a meeting then stick it into a packing crate for about 10 years. Or, block Meta access to EU nations altogether.
-> shipping user data belonging to EU residents to the US without proper guarantees it would remain safe from inspection by authorities
Next time Francois or Helmut or Giuseppe goes to the USA they get pulled by the 'authorities' there. Have you now or ever been a communist/human rights advocate/this/that/the other?
No? Well, we have you on record as being that. So now we will charge you with lying to government officials. You are facing 500 years behind bars.
Hopefully other countries that have enacted the GDPR, including the UK, will see this, take note, and do the same with similarly large fines. The large fines ought to be attractive to governments. Through collective action these abusers might be forced to change their ways.
“Meta is set to face what may be a record fine for failure to comply with the GDPR by shipping user data belonging to EU residents to the US without proper guarantees it would remain safe from inspection by authorities.”
HAAAAAAR!!!
Seriously the only thing the GDPR has achieved is force endless confirm prompts on websites, that people ignore and click through.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
