Issue link: https://maltatoday.uberflip.com/i/1499951
14 WORLD maltatoday | WEDNESDAY • 24 MAY 2023 FACEBOOK-PARENT Me- ta has perhaps become the most high-profile casualty of a long-running privacy dispute between Europe and the United States — but it may not be the last. Meta has been fined a re- cord-breaking €1.2 billion ($1.3 billion) by European Union reg- ulators for violating EU privacy laws by transferring the personal data of Facebook users to servers in the United States. Meta said Monday it would appeal the rul- ing, including the fine. The historic fine against Meta — and a potentially game-chang- ing legal order that could force Meta to stop transferring EU users' data to the United States — isn't just a one-off decision limited to this one company or its individual business practic- es. It reflects bigger, unresolved tensions between Europe and the United States over data privacy, government surveillance and regulation of internet platforms. Those underlying and funda- mental disagreements, which have simmered for years, have now come to a head, casting a significant shadow over thou- sands of businesses that depend on processing EU data in the United States. Beyond its huge economic im- plications, however, the fine has once again highlighted Europe's deep mistrust of US surveillance powers — right as the US gov- ernment is trying to build its own case against foreign-linked apps such as TikTok over similar surveillance concerns. Origins of a historic fine The origins of Meta's fine this week trace back to a 2020 ruling by Europe's top court. In that decision, the European Court of Justice struck down a complex transatlantic framework Meta and many other companies had been relying on until then to legally move EU user data to US servers in the ordinary course of running their businesses. That framework, known as Pri- vacy Shield, was itself the out- growth of European complaints that US authorities didn't do enough to protect the privacy of EU citizens. At the time Privacy Shield was created, the world was still reeling from disclo- sures made by National Security Agency leaker Edward Snowden. His disclosures highlighted the vast reach of US surveillance programs such as PRISM, which allowed the NSA to snoop on the electronic communications of foreign nationals as they used tech tools built by Google, Mi- crosoft, and Yahoo, among oth- ers. PRISM relied on a basic fact of internet architecture: Much of the world's online communi- cations take place on US-based platforms that route their data through US servers, with few legal protections or recourse for either foreigners or Americans swept up in the tracking. A 2013 European Parliament report on the PRISM program captured the EU's sense of alarm, noting the "very strong implica- tions" for EU citizens. "PRISM seems to have al- lowed an unprecedented scale and depth in intelligence gath- ering," the report said, "which goes beyond counter-terrorism and beyond espionage activities carried out by liberal regimes in the past. This may lead towards an illegal form of Total Informa- tion Awareness where data of millions of people are subject to collection and manipulation by the NSA." The rise and fall of Privacy Shield Privacy Shield was a 2016 US- EU agreement designed to ad- dress those concerns by mak- ing US companies certifiably accountable for their handling of EU user data. For a time, it seemed as if Privacy Shield could be a lasting solution facilitating the growth of the internet and a globally connected society, one in which the free flow of data would not be impeded. But when the European Court of Justice invalidated that frame- work in 2020, it reiterated long- standing surveillance concerns and insisted that Privacy Shield still didn't provide EU citizens' personal information the same level of protection in the US that it enjoys in EU countries, a standard required under GDPR, the EU's signature privacy law. The loss of Privacy Shield cre- ated enormous uncertainty for the more than 5,300 businesses that rely on the smooth transfer of data across borders. The US government has said transatlan- tic data flows support the more than $7 trillion dollars of eco- nomic activity that occurs every year between the United States and the European Union. And the US Chamber of Commerce has estimated that transatlantic data transfers account for about half of all data transfers in both the US and the EU. The Biden administration has moved to implement a successor to Privacy Shield that contains some changes to US surveillance practices, and if it is fully imple- mented in time, it could prevent Meta and other companies from having to suspend transatlantic data transfers or some of their European operations. But it's unclear whether those changes will be enough to be accepted by the EU, or whether the new data privacy framework could avoid its own court chal- lenge. US surveillance under scrutiny The possibility that US-EU data transfers may be seriously dis- rupted is refocusing scrutiny on US surveillance law just as the US government has been sound- ing its own alarms about Chinese government surveillance. US officials have warned that China could seek to use data collected from TikTok or oth- er foreign-linked companies to benefit the country's intelligence or propaganda campaigns, us- ing the personal information to identify spying targets or to ma- nipulate public opinion through targeted disinformation. But US moral authority on the issue risks being eroded by the EU criticism, a problem for the US government that may only be compounded by its own mis- steps. Just last week, a federal court described how the FBI improp- erly accessed a vast intelligence database meant for surveilling foreign nationals in a bid to gather information on US Cap- itol rioters and those who pro- tested the 2020 killing of George Floyd. The improper access, which was not "reasonably likely" to retrieve foreign intelligence in- formation or evidence of a crime, according to a Justice Depart- ment assessment described in the court's opinion, has only inflamed domestic critics of US surveillance law, and could give ammunition to EU critics. The intelligence database at issue was authorized under Sec- tion 702 of the Foreign Intelli- gence Surveillance Act — the same law used to justify the NSA's PRISM program and which the EU has repeatedly cit- ed as a danger to its citizens and a reason to suspect transatlantic data sharing. While the US distinguishes it- self from China based on com- mitments to open and democrat- ic governance, the EU's concerns about the US are not much dif- ferent in kind: They come from a place of deep mistrust of broad surveillance authority and suspi- cions about the potential misuse of user data. For years, civil liberties advo- cates have alleged that Section 702 enables warrantless spying on Americans on an enormous scale. Now, the FBI incident may only further validate EU fears; add to the existing concerns that led to Meta's fine; contribute to the potential unraveling of the US-EU data relationship; and damage US credibility in its push to warn about the hypothetical risks of letting TikTok data flow to China. If a new transatlantic data agreement is delayed or falls apart, Meta won't be the on- ly company stuck with the bill. Thousands of other companies may get caught in the middle, and the United States will have to hope nobody looks too closely at why while still trying to make a case against TikTok. How Meta got caught in tensions between the US and EU Meta and thousands of other companies will be stuck with the bill if a new transatlantic data agreement is delayed