How Meta got caught up in US-EU tensions | CNN Business
0
0
CNN
—
Meta, the parent of Facebook, has become perhaps the most high-profile casualty of a long-running privacy dispute between Europe and the United States, but it may not be the last.
Meta has been fined 1.2 billion euros ($1.3 billion) by European Union regulators for violating EU privacy laws by transferring the personal data of Facebook users to servers in the United States. Meta said Monday it would appeal the sentence, including the fine.
The historic fine against Meta, and a potentially changing legal order that could force Meta to stop transferring EU users’ data to the United States, is not just a one-off decision limited to that company or its individual business practices. It reflects larger and unresolved tensions between Europe and the United States over data privacy, government surveillance and regulation of Internet platforms.
Those underlying and fundamental disagreements, which have endured for years, have now come to a head, casting a significant shadow over thousands of businesses that rely on EU data processing in the United States.
Beyond its huge economic implications, however, the fine has once again highlighted Europe’s deep distrust of America’s surveillance powers, just as the US government is trying to build its own case against foreign-linked apps like TikTok for similar surveillance concerns.
The origins of Meta’s fine this week go back to a 2020 ruling by Europe’s top court.
In that decision, the Court of Justice of the European Union overturned a complex transatlantic framework that Meta and many other companies had previously relied on to legally move data from EU users to US servers in the normal course of the management of their businesses.
This framework, known as Privacy Shield, was the result of European complaints that US authorities did not do enough to protect the privacy of EU citizens. At the time the Privacy Shield was created, the world was still reeling from the revelations made by National Security Agency leaker Edward Snowden. His revelations highlighted the broad reach of US surveillance programs such as PRISM, which allowed the NSA to snoop on the electronic communications of foreigners while using technology tools created by Google, Microsoft and Yahoo, among others.
PRISM was based on a basic fact of the Internet’s architecture: Much of the world’s online communications take place on US-based platforms that route their data through US servers, with few legal protections or resources for foreigners or Americans caught up in tracking.
A 2013 European Parliament report on the PRISM program captured the EU’s sense of alarm, noting the “very strong implications” for EU citizens.
“PRISM appears to have enabled an unprecedented scale and depth of intelligence gathering,” the report said, “which goes beyond the fight against terrorism and beyond the espionage activities carried out by liberal regimes in the past This can lead to an illegal form of total information awareness where the data of millions of people is subject to collection and manipulation by the NSA.
The Privacy Shield was a 2016 US-EU agreement designed to address these concerns by making US companies certifiably responsible for the handling of EU users’ data. For a while, it seemed as if the Privacy Shield might be a lasting solution that would facilitate the growth of the Internet and a globally connected society, in which the free flow of data would not be impeded.
But when the EU’s Court of Justice invalidated that framework in 2020, it reiterated long-standing surveillance concerns and insisted that the Privacy Shield still did not provide EU citizens’ personal information with the same level of protection in the United States than in EU countries, a standard. required by GDPR, the EU signature privacy law.
The loss of the Privacy Shield created enormous uncertainty for the more than 5,300 businesses that depend on the seamless transfer of data across borders. The US government has said that transatlantic data flows support more than $7 trillion in economic activity between the United States and the European Union each year. And the US Chamber of Commerce has estimated that transatlantic data transfers account for roughly half of all data transfers in both the US and the EU.
The Biden administration has moved to implement a successor to Privacy Shield that contains some changes to US surveillance practices and, if fully implemented on time, could prevent Meta and other companies from having to suspend transatlantic transfers of data or some of its European operations. .
But it is unclear whether these changes will be enough to be accepted by the EU, or whether the new data privacy framework could avoid its own legal challenge.
The prospect of data transfers between the US and the EU being seriously disrupted is refocusing scrutiny on US surveillance law just as the US government has been sounding its own surveillance alarms of the Chinese government.
US officials have warned that China could try to use data collected from TikTok or other foreign-linked companies to benefit the country’s intelligence or propaganda campaigns, using personal information to identify targets of ‘espionage or to manipulate public opinion through targeted disinformation.
But America’s moral authority on the issue risks being eroded by EU criticism, a problem for the US government that can only be exacerbated by its own missteps.
Last week, a federal court described how the FBI improperly accessed a vast intelligence database meant to surveil foreign nationals in an attempt to gather information about rioters at the U.S. Capitol and those who protested the killing of George Floyd in 2020.
The improper access, which was not “reasonably likely” to retrieve foreign intelligence information or evidence of a crime, according to a Justice Department assessment outlined in the court’s opinion, has only inflamed domestic critics of the US surveillance law and could give the EU ammunition. critics
The intelligence database in question was authorized under Section 702 of the Foreign Intelligence Surveillance Act, the same law used to justify the NSA’s PRISM program and which the EU has cited repeatedly as a danger to its citizens and a reason to suspect transatlantic data sharing.
While the US is distinguished from China by commitments to open and democratic governance, the EU’s concerns about the US are not that different: they come from a place of deep mistrust of broad surveillance authority and suspicions about the possible misuse of user data. .
For years, civil liberties advocates have argued that Section 702 allows for warrantless spying on Americans on an enormous scale. Now, the FBI incident can only further validate the EU’s fears; adding to the existing concerns that led to Meta’s fine; contribute to the potential disintegration of the US-EU data relationship; and damage US credibility in its push to warn about the hypothetical risks of letting TikTok data flow to China.
If a new transatlantic data deal is delayed or collapses, Meta won’t be the only company footing the bill. Thousands of other companies may be caught in the middle, and the U.S. will have to hope no one looks too closely at why as it continues to try to make a case against TikTok.
.
