That Meta GDPR fine is €1.2B. Plus biz must stop sending EU data to US

Re: Honest question

"You now cannot process EU credit cards, bank transfers, process EU salaries, accept advertising from the EU, do business inside the EU, nor claim to do so."

If you think they'll just shrug that off, I assure you that you don't understand how they make that money.

Their assets in the EU are neither here nor there when 50%+ of their income is literally barred overnight.

Not even Microsoft (convicted) or other large companies were dumb enough to just bow out of the EU entirely. They all end up complying. Because the alternative is that you literally cannot accept money from the EU because the EU banks will refuse all such transactions. A bit like trying to buy Bitcoin using certain UK bank accounts... ever tried to do so? It just gets blocked.

Re: Honest question

> how can they be stopped

Good question. Let me answer with another one: Can Meta afford to lose all users in the EU?

Because, the Union absolutely has the power to simply block services if they want to: https://gizmodo.com/chatgpt-ai-openai-italy-bans-chatgpt-investigate-openai-1850287210

Now, that would suck for the users, sure. But I have a hunch that it would suck even more for the people who have to explain to the board at Meta, why they suddenly lost every single user in the 3rd largest economy in the world.

Re: Honest question

What makes you think that their assets are less than the fine? Here's one problem related to that: they've put most of their assets into their Irish company so they aren't paying tax in the U.S. for revenue from users outside North America. That's not just their EU customers, but everybody outside the U.S. and Canada (I'm not really sure why Canada isn't included, but I'm no tax lawyer). That's a large chunk of their revenue stored in an EU member state. Unless they quickly move all of it away and find a new place to incorporate, they have plenty of assets there. They also have three DCs built inside the EU, and their investment figures for a single one is higher than their fine. While it's certainly possible that there's been some depreciation of those, if those three were liquidated, it would come to more than their fine amount.

Even without considering that they earn plenty from having customers in the EU and they don't want to lose it, they have plenty of assets that could be taken if it came to it. Your question may be based on faulty assumptions.

Re: Honest question

Indict their board members and directors (including international search warrants), confiscate assets, forbid services in the EU.

That's more costly and annoying than paying a lousy billion (which is just a percentage of their profit)

Re: Honest question

As already mentioned, they can throw their toys out of the pram and refuse to pay the fines - then the EU can confiscate any EU held assets and order all service providers to block traffic to/from Meta. facebook goes offline in the EU - to which I'd be organising a street party.

And if FeacesBorg goes offline in the EU ? I'm sure there will be some entrepreneurs interested in filling the void, but doing it legally*. So suddenly not only does Facebook loose it's EU income stream, suddenly there's a very large market of people who want "something like facebook but which isn't Facebook", meaning that whoever steps in with an alternative shouldn't have too much problem growing a significant user base very quickly. And why should that alternative stop at wooing EU citizens ? People all around the world will be feeling cut off from their friends/relatives in the EU, so many of those will be happy to sign up for an alternative that keeps them in touch. That would be really bad news for Facebook as it would no longer be the de-facto monopoly provider like it is now - and that would be very bad news for them.

* Apart from keeping the data in the EU, they might choose to offer a "for a modest subscription, you can have the benefits without the creepy data slurpage and sale" option. Actually, facebook could do that and become law abiding - but they've gone so far down the "free to end users, just don't look at how you're actually paying" route, not to mention the endless lies and dishonesty, that I don't think anyone would believe them if they tried.

Re: Imagine if Facebook was a Chinese app/platform

I have to agree with that.

Anything that has been said about Wuawei/TikTok beholden to Beijing could not have those elements replaced by Cisco and the NSA and retain 100% of its threat level.

The USA has National Security Letters, with the legal obligations for companies being subject to one to shut up about it.

How's that for being beholden to the NSA ?

Why is that any better ? Because Beijing is not a democracy ?

You think the USA is ?

Re: Imagine if Facebook was a Chinese app/platform

I thought Google was the Internet branch of US Intelligence.

Re: Round and round the mulberry bush

If memory serves it was back when the US demanded additonal data about passengers from the european arilines that the then President of the Council of the European Union first told them to "operate and violate (european laws)". Since then protected european data has been handed to the US and nothing much changed (other than a few failed attempts to make that legal).

Re: There's no way the new agreement should be put in place

You are completely correct.

Only that means a number of typical daily activities (i.e. anything covered by GDPR) for multinational companies would need to stop and "business" revenue will slow significantly.

So instead we have the policy dance where neither side changes and a temporary sticking plaster is created to allow the status quo to continue until the next court decision tears off the stocking plaster, exposes the wound and forces the application of another sticking plaster...

Maybe the two sides are getting closer to a solution? Hahahaha hahaha.....

That will be when they spoke/wrote proper English too then?

Whatever he's told to, I would imagine.

The quote from him in the other article I read about this a couple of days ago was along the lines of, "we're squeaky clean, we did nothing wrong".

Which, from the guy who essentially destroyed any trust anyone had in the Liberal Democrats for over a decade, by being utterly dishonest and getting into bed with the Tories, is worth essentially zero pounds and nought pence.

Guilty as charged m'lud.

In tangentially related news...

The EU is going to court to try to force Apple to pay Ireland EUR13B today:

https://www.rte.ie/news/business/2023/0523/1385086-cjeu-to-hear-eu-commission-appeal-of-apple-tax-case/

Ireland had won a judgment that they didn't have to take the money, but the EU are trying to force them. For reference, Ireland's total tax take in 2022 was about EUR82B.

https://www.revenue.ie/en/corporate/press-office/press-releases/2023/pr-010523-headline.aspx

Well given how Ireland dragged it feet over its sweetheart deal with Apple, it does seem Ireland is enacting another form of subsidy: come to Ireland and we won’t enforce EU laws or pursue payment of fines…

Re: Incompatible laws

Every US company that works with EU data, via subsidiaries or not, is technically breaking GDPR law at the moment.

Well, yes and no.

If that data contains personally identifying information (PID), or is not adequately anonymised to the extent that PID can be extracted, or individuals identified, and that PID is being sent to the US, then yes.

If the PID elements of the data are stored and processed in the EU, in accordance with GDPR rules, and only the outputs from the processing, which would have to contain no PID, or any way to identify individuals, or small groups, are sent to the US for processing, then that is probably okay.

If everything occurs on servers in the EU, in accordance with GDPR, and only the money goes off to the parent company in the US, then there's no problem there. This is why a lot of companies have incorporated subsidiaries in each country, or bloc, they operate in. (And, incidentally, because of the bloc bit there, yet another reason why Brexit is an act of economic self-harm for the UK)

Essentially, it's only a botherance for companies which make their business out of sweeping up as much PID as possible and analysing, in the US, it for profit. In this case, Facebook, but I'd not be surprised to see similar against the likes of Google Alphabet, Apple, et al. It makes sense, too, for the regulators to go after the most egregious offenders first, and then work their way down the list.

IANAL, of course, but this is my understanding.

Quite.

They've been singled out because they are doing it on an industrial scale, in the same way that someone fly-tipping 100 tonnes of industrial waste into a river would be singled out over someone dropping a crisp packet.

This isn't to say that someone dropping a crisp packet won't get a fine if they happen to get caught, but it's likely to be something like a £50 on-the-spot fine, and the industrial polluter is likely to get imprisonment as a punishment (or we would at least hope so, under our government, they'd probably get a performance bonus, and public subsidy to clean up the mess).

Meta haven't been "singled out", they have been noticed, and prosecuted, according to the law, for a serious breach of it.