Irish regulators fine Meta for not safeguarding user data

Data regulators in Ireland fined Meta earlier this week for failing to safeguard the sensitive information of Facebook users. The tech giant was fined the equivalent of about $275 million for a 2019 data leak, when personal information from more than 500 million Facebook users was scraped off the site and then published in a hacker forum.

Marketplace’s Kimberly Adams spoke with Adam Satariano, a tech correspondent for The New York Times based in London, who reported on this story. He said this recent punishment is just one of several fines the Irish government has imposed on Meta, and it’s part of a larger trend. The following is an edited transcript of their conversation.

Adam Satariano: Europe has become a real center for a lot of the regulatory action against the tech industry. And Ireland, even though it’s a sort of small country, is really at the center of it because Meta’s headquarter’s in Europe is based in Ireland, and therefore the regulators there are in charge of enforcing all sorts of different laws that have been passed targeting the tech industry.

Kimberly Adams: Lots of tech firms have their headquarters in Ireland. What does it mean that they’re really starting to crack down on these things?

Satariano: Yeah, there’s a few different reasons why the companies go there. I mean, [being an] English-speaking country is a big part of it. But even more importantly, Ireland has very favorable corporate tax systems, so the companies definitely take advantage of that. Ireland has faced a lot of criticism that it hasn’t been enforcing these data protection laws in particular. And so now there’s signs that they’re starting to pick up the pace and to be more aggressive. You’ve had these three judgments against Meta over the past year or so. I was speaking to the the Irish Data Protection Commission, and they said they have 13 more investigations underway. You could see some more fines coming even within the next month or so.

Adams: So what’s been Meta’s response to all of this?

Satariano: They are appealing a few of these. And so it will be very interesting to see how these play out through the court system, because a company like Meta has a very plentiful legal budget to hire a lot of the top lawyers that they can to fight these sorts of things. And so there was another ruling against Meta with respect to WhatsApp, there was another one with respect to Instagram. And now this one related to the data scraping that we’ve been talking about. And so they’re appealing at least two of those, so now you have this small Irish agency that’s going to be going against Meta in courts about upholding these judgments.

Adams: The appeals that Meta is doing, are they specifically appealing Monday’s fine as well?

Satariano: They have not said yet. They said, “We are reviewing the decision.”

Adams: Are these fines and penalties and just general attention from regulators, is all this enough to actually change Meta’s behavior?

Satariano: I mean, that’s really the billion-dollar question, I guess, is what it’s going to take to get the companies to change their policies. In some respects, it has started to change how the companies process data. Facebook has said that, for instance, related to the Instagram investigation that they faced, that was with respect to how it handled the data of young people, children. They’ve since changed some of the way that they process data related to young people. And so you see some areas in which it is having an effect. Critics of the company, and internet companies in general, the practices of how they collect data and sort of parse data, enabled to target advertising and do other things, say that it’s not going far enough. But others would say it is a step in the right direction.

Adams: The EU has some of the more strict data protection laws globally, especially with the General Data Protection Regulation that some folks may have heard about, GDPR. How is that affecting the landscape of tech regulation globally?

Satariano: The GDPR was enacted in in 2018, and it was seen as a real landmark piece of legislation. And you’re seeing that it’s influencing other countries and states, like California, as well. Brazil has passed a similar law, the U.K., which is no longer part of the European Union, has something similar. Japan and Korea as well. And so you’re seeing these sorts of rules, which basically just put tighter safeguards around how the companies are able to process data, what can be shared between companies. But the key to all this is how it’s going to be enforced. And thus far, I think many critics would say that these rules have not been enforced strongly enough. And so these rulings, like you saw over the past week of Meta, are seen as sort of a welcome change.

Adams: I wonder, with so many other countries starting to, or states here, in the case of California, taking cues from the EU when it comes to tech regulation, are they pretty much creating the future internet that those of us here in the United States are going to be operating in?

Satariano: Some people think so, yes. The EU is absolutely setting the kind of baseline for regulation. And it’s something that some researchers have called the Brussels effect. And in essence, a company of Facebook size or Google size or Apple size will comply with the European regulations and use that as sort of a global standard, because it’s easier to apply globally than to have it sort of geofenced around Europe, and then have your U.S. rules and your rules for other parts of the world. And so you are starting to see that happen. In an in addition to the data protection rules, you have some new laws taking effect over the next couple of years with respect to competition, and also around content moderation on on social media. And so I’m very curious to see how the companies apply those and whether or not those are going to become global standards as well.

Adams: How does the way that Europe is sort of cracking down on tech firms compare to what we’re doing here in the U.S.?

Satariano: Europe in some ways is a few years ahead of where the U.S. is. It’s kind of a preview perhaps, of where things can go. There is data protection legislation that’s being considered, there’s different competition laws that are being considered. And so Europe in some ways is kind of a preview of what could come in the United States. And so a lot of people are watching closely to see how a lot of these different rules and regulators enforce them and what that means for the future.

Stories You Might Like

EU levies biggest-ever data privacy fine against Meta

Meta’s pixel code tracks students from kindergarten to college

The U.S. is talking, and the EU is regulating. Is any of it slowing down Big Tech?

U.S. regulators are getting serious about Big Tech. Or are they?

Meta’s pixel code helps businesses reach online customers, but shares sensitive data about them

03/20/2018: U.K. regulators demand answers from Facebook, Cambridge Analytica