Opinion | European regulators signal they are fed up with Facebook

On Monday, European regulators fined Meta $1.3 billion for not adequately protecting user data as it was transferred from Europe to the United States. That’s a record-breaking fine for a tech company in Europe (though it will have minimal impact on Meta’s finances — by the end of the week, Meta will have earned enough to cover it, based on first-quarter results).

This time, though, it’s not just Meta that’s in the crosshairs. European regulators are signaling they are fed up with Facebook — and expect Big Tech broadly to fall into line, too.

In addition, European regulators are rightly demanding that U.S. authorities get their house in order. Europe’s data privacy regime isn’t perfect. But a more cooperative and conclusive regulatory framework from U.S. authorities is needed.

Meta’s reaction shows this is a significant moment. Nick Clegg, Meta’s president of global affairs, said the decision “is flawed, unjustified and sets a dangerous precedent” and groused that Meta was being “singled out.”

Indeed. That’s the point. The regulator wants to make an example of Meta. The fine tells all tech firms that certain behaviors won’t be tolerated.

What exactly has the Europeans so upset?

It is against Europe’s tough data privacy rules for firms to process and store data from European users outside of Europe, including in the United States. For years, some of the biggest tech firms have more or less ignored that.

Meta itself was warned in 2020 that the way it handled European users’ data was not compliant with European Union laws. Yet the firm has done little to fix that. Europe’s privacy watchdogs said in their ruling that Meta “committed the infringement at least with the highest degree of negligence.”

At the heart of the decision are two key issues. One is the broader contextual concern: that big tech companies often don’t care that they flout rules and laws, because they think their might means they can get away with it.

Then there is the specific problem: User data isn’t safe in the United States. This might be hard for Americans to swallow. But what passes for data privacy rights in the United States is not always the same as what is acceptable elsewhere. European politicians, lawyers and data rights activists hold the view that the United States doesn’t do enough to protect user data. And European regulators have told Meta its attempts to bridge the data protection gap aren’t sufficient. The alternative, building out functional user storage capability in Europe to serve the E.U., would be costly, and Meta seems to have decided not to bother.

There is some irony in all of this. The parallel case in the United States relates to Chinese social media app TikTok. American politicians have criticized the app in part because of the perception that data from American users could be shipped back to China for analysis and spying. The U.S. government has compelled TikTok parent ByteDance to spend billions onshoring data processing and storage facilities solely for U.S. users. Among the biggest supporters of such restrictive measures has been Meta, whose extensive lobbying on Capitol Hill has framed TikTok as a risk to national security.

Now that the shoe is on the other foot, Meta doesn’t seem keen on the idea that shipping data across borders is a problem.

In reality, the company is also caught up — like TikTok — in a broader geopolitical brouhaha.

In October, President Biden signed an agreement with his European counterparts for a Trans-Atlantic Data Privacy Framework, pledging to work together on a common set of data privacy safeguards. In February, Europe’s Data Protection Board — an independent group that advises the E.U. on data privacy matters — said it welcomed some initial progress on the U.S.-E.U. framework but also outlined a long list of issues that are yet to be resolved.

A deal on a final set of rules is expected by the end of the summer. That could be critical to Meta — without a clear set of rules on data privacy that applies on both sides of the Atlantic, the firm could be forced into the near-impossible task of untangling and deleting all the E.U. user data it has stored in the United States.

That’s why this fine is a much bigger deal than the financial hit to Meta. It’s also a shot across the bow in a much bigger geopolitical battle and a warning that, in Europe at least, data privacy is a serious matter.