The significant fine sends a clear message to all digital service providers
The European Union (EU) has imposed a historic €1.2 billion ($US1.29 billion) fine on Meta, the owner of the Facebook social media platform, for its failure to adequately protect the data of European Facebook users stored and processed in US data centres. The penalty, the largest ever under GDPR regulations, stems from the EU’s concerns regarding artificial intelligence (AI) and Generative AI (GenAI), as revealed by research conducted by leading data and analytics company GlobalData.
Emma Mohr-McClune, Chief Analyst of Telecoms Practice, Technology at GlobalData, commented on the significant fine, stating that it sends a clear message to all digital service providers intending to expand advertising and targeting products through AI and GenAI, especially when applied to personal data of European Facebook users stored in US data centres. Mohr-McClune emphasized that such practices would no longer be viable in the age of AI and GenAI.
While Meta has announced its intention to appeal, Mohr-McClune believes the company has reasonable legal grounds for its case. Meta has been using the same Standard Contractual Clauses (SCCs) legal tool employed by all US digital service providers since 2020, a tool that had previously gained approval from the EU. Furthermore, the company can argue that it has been unfairly singled out for the penalty, presenting a discrimination argument in support of its appeal. Lastly, the industry is awaiting the publication of a new framework, agreed upon last year by US President Joe Biden and European Commission President Ursula von der Leyen, which could come into effect within months.
Mohr-McClune noted that the stringent approach by the EU is driven by concerns over AI. The recent advancements in AI and GenAI are poised to revolutionize digital and mobile advertising targeting techniques, and as advertising constitutes the primary revenue stream for Meta’s Facebook platform, this fine serves as a call to action. The EU’s message extends to all US digital players, urging them to either devise a federated system that allows European Facebook data to remain in Europe, where GDPR privacy standards can be better enforced, or to lobby the US government to tighten surveillance laws to align transatlantic data flows more closely with GDPR standards. However, Meta is unlikely to embrace this message wholeheartedly.
Presently, Meta operates approximately 20 data centres globally, with the majority based in the US and only three located in Europe. The construction of Meta’s most recent European data centre required a €1.7 billion investment and took two years before becoming operational in 2019. Further investment in European data centres is not currently on Meta’s agenda, especially given CEO Mark Zuckerberg’s ongoing “Year of Efficiency” cost-saving initiative, which has already involved several high-profile rounds of layoffs.
In conclusion, Mohr-McClune acknowledges that Meta has not been at the forefront of AI and GenAI development thus far, and there are larger players with more advanced AI strategies that also process European data in the US, which EU data privacy agencies could have targeted. However, the EU’s choice to penalize the Facebook platform signifies a broader message, potentially paving the way for more significant GDPR violation fines related to transatlantic data flows.