Editorial: Meta Ireland ruling is a shot across the bows of other ‘Big Tech’ companies
The terrible consequences of the financial crash brought us face to face with the term “too big to fail”.
The exponential growth of the tech industry, an expansion which rapidly out-paced prospects of regulating it, has opened up questions about being “too big to fine”.
Their profits are of a magnitude that penalties bounce off them as if taking a pea-shooter to a tank. But the record €1.2bn fine on Facebook owner Meta for violating European privacy rules, by Ireland’s data regulator, will be seen as a realistic attempt to rein in the firm.
Doubtless there will be many who still believe that horse has already bolted. It may have been the highest ever sanction for violation of European privacy laws, but as seen by the previous biggest fine – €746m imposed on Amazon – in an industry where colossal sums are made annually, such amounts could be regarded as a drop in the ocean.
The ruling will not just affect Meta Ireland, however. It lays down a marker for the EU’s intentions on data transfers to the US, and so is a shot across the bows of other companies.
The decision has a long tail going back a number of years to the battles waged by campaigner Max Schrems. He sought protection of Facebook’s European user data from US intelligence agencies once it is transferred to the US.
It was accepted Meta updated its data transfer arrangements after a judgment by the European Court of Justice (ECJ).
The ECJ had ruled its procedures did comply with European laws. But they did not go far enough to manage the risks to the fundamental rights and freedoms of individuals.
Because Meta Ireland continued to transfer personal data, it was found to have broken the rules. The company is intent on appealing the ruling.
The data commissioner was compelled to act. The EU has charged each country with policing Big Tech where a firm has its European headquarters, and Ireland is home to many.
Fairly or otherwise, Ireland has been perceived as a bottleneck for the EU’s enforcement because of the slow pace at which cases were processed.
The ruling will inevitably have knock-on affects for all firms involved in international transfer of personal data. But stringent data controls exist for a reason and need to be both observed and operated fairly. Protecting a citizen’s privacy is likely to be an ongoing battle.
A deal done between US president Joe Biden and the EU last year will hopefully bring some more clarity and definition to the situation.
Billions are tied up in transatlantic data flows. But the fundamental right to privacy of Europeans has to be guarded.
The US government’s right to keep its citizens safe from attack is understandable.
But cooperation between friendly countries on security can surely address this without the need for any covert or heavy-handed invasion of personal privacy.
Unfettered access to European’s personal information can never be permitted.