Yeah, especially when in the case of the fine for consent about personal ads, the fine was for violations before the law was in place.
That is an insane precedent. Most legal systems understand that applying laws retroactively is a really big no no, as it can create a massive overreach of power in the future, and also creates a hugely unpredictable present, if any time in the future you can be liable.
The EU's obsession with getting money from US tech companies is leading it down really dangerous paths.
> The EU's obsession with getting money from US tech companies is leading it down really dangerous paths.
Gotta love the menacing language.
If Meta is not happy with the fines they have multiple options:
1) Actually respect regulations. It's not that hard for a company with so many resources.
2) Stop operating in EU
There is no dangerous path for the EU here. The block has the right to define it's regulations, and companies have to comply or be justly punished. That's all there is to it.
It's great that you have a non-publicly available newsletter as a source, but if you read the DPC item [1] you'll see that it's just about the GDPR. What Ben probably does not understand, is that the fine is not about the TOS change _before_ the GDPR came in effect, but about the fact that data was processed without valid legal basis _after_ the GDPR came in effect as the TOS change and an 'I accept' button was simply not sufficient.
Can you provide a link or the full quote of the relevant section, so that we can see what’s going on here? My expectation is that he’s misunderstanding the situation.
To be fair, it is not 100% clear on my original post that I am not talking about this fine but a previous one. But if you read it carefully that is was I say. And here is Ben thompson on 11th January 2023:
"In short, Meta can not make access to its personalized social media services contingent on accepting personalized advertising; moreover, the company was fined for having done just that, despite the fact their regulator agreed with them that that was acceptable.
I find this decision disturbing for two reasons. First, it seems unduly punitive that Meta can be fined a material amount for an approach that is not only reasonable on its face (more on this in a moment), but also one that its primary regulator agreed was appropriate. GDPR is not clear on this point, and it’s ridiculous that a company can be retroactively fined for not reading the minds of EU bureacrats.
Second, and more importantly, the fact that Meta must offer personalized social networking to users — which uses their data! — but cannot tie that to offering personalized ads — which uses their data in the exact same way, and without sharing or selling that data to advertisers — is a completely arbitrary attack on Meta’s ability to do business. Let me reiterate that point: serving a video or a post in your Facebook feed is no different from serving an ad; it is Facebook that is choosing what to serve you, not an advertiser, who has no access to users or their data. It’s all just bits, it just so happens that some of those bits make Meta money. That, apparently, is the crime here (and a callback to the Google Shopping case)."
Do you still think the EU is acting like a fair player? When in fact they are both a player and the referee? This type of behavior is exactly why there wont ever be any major innovation in the EU. And I live here btw.
There is nothing in there about retroactively applying laws. If there is anything, it may be that the laws were(/are) unclear.
The Irish DPC states they never approved anything (but there has been discussions between various European data protection authorities and the EDPB during the investigation). See for example 2.44 or 2.46 of the report [1]:
> It is factually not the case that the Commission endorsed or approved of the Terms of Service and Data Policy of Facebook or indeed of any other organisation
and
> To the extent that Facebook seeks to rely on or has ever relied on any consultative process with the Commission in order to defend the lawfulness of a particular practice, this has been in error. More pertinently, for present purposes, Facebook makes no such argument in the context of this Complaint. This is because the Commission never provided any such approval in this case nor does it do so in the context of its engagement and consultation role more generally
If you look at the final decision on Meta, you'll see that most of the fine (80+70=150 million) is for the fact that Meta was not clear on what they were doing with user's data. Only the last 60 million is about the actual legal ground of the processing. So the past that Ben Thompson mentions essentially skips 70% of the fines.
And yes, the data protection authorities are acting like a fair player and they are not the referee. We have courts for that (and this will find it's way through the courts, no worries).
Yes, it wasn't clear initially which fine you were writing about. But, if the fine was referring to activity that occurred after the GDPR entered into force, it is inaccurate to say that it was retroactive - it was simply that the Irish regulator misunderstood or misenforced the law according to the courts, but for a company as sophisticated as Meta, that shouldn't be an excuse. They have far more legal expertise on staff than the Irish DPA.
And, no, nobody is forcing Meta to offer personalized social networking to users in the EU. Meta is free to decline to do so. The EU is simply forcing them to decouple consent to such a service from consent to receive personalized ads. It is a valid social policy choice to want to differentiate those processing purposes, even if Meta doesn't like it. I do.
To the extent that the EU is not acting like a fair player here, it is by disrespecting the democratic will of the EU population as expressed through their EU representatives by inadequately enforcing the GDPR.
I think it's good that the regulatory capture and the intentional Irish government policy of underfunding which currently applies to the Irish DPA is not as successfully a "get out of jail free card" for non-compliance in the EU as equivalent circumstances are in the US. Many thanks to noyb.eu for filing complaints and to the EU courts and the European Data Protection Board for taking them seriously.
>The EU's obsession with getting money from US tech companies is leading it down really dangerous paths.
Yeah shame on EU for issuing fines for the anti-consumer, privacy abusive and illegal practices of the saint ad-ware empires of US big-tech companies. How dare they protect their citizens? Don't they know big-tech should be left unregulated to abuse people so billionaires can become trillionares?
Speaking of double standards it's funny how the US keeps wanting to ban Chinese TikTok for doing the same abusive data collection Meta and Google was doing without issues.
That is an insane precedent. Most legal systems understand that applying laws retroactively is a really big no no, as it can create a massive overreach of power in the future, and also creates a hugely unpredictable present, if any time in the future you can be liable.
The EU's obsession with getting money from US tech companies is leading it down really dangerous paths.