Don’t Judge Us on Our Fines, Meta’s EU Data Watchdog Pleads

Europe’s groundbreaking privacy law risks being damaged if massive fines for Silicon Valley are the only yardstick for success, Ireland’s beleaguered data protection chief warned.
Without agreed standards, “a narrative has emerged in which the number of cases, and the quantity and size of the adminrative fines levied, are treated as the sole measure of success,” said Helen Dixon, whose under-fire Irish agency oversees the many U.S. tech firms that made her nation their EU base.
Complex cases involving some of the world’s biggest companies “impacting on millions of people” can’t be measured “side side with a two-line treatment of a comparatively simple issue that has minimal ramifications,” she added.
The EU’s General Data Protection Regulation, or GDPR, empowers EU data regulators to levy penalties of as much as 4% of a company’s annual revenue for the most serious violations.
The rules put the Irish Data Protection Commission in charge of some of the world’s biggest tech firms, including Meta Platforms Inc. and Apple Inc. But tensions have been building in recent years over the amount of time the authority is taking to complete probes.
The Irish watchdog had 30 EU-wide probes open at the end of last year, targeting the likes of Apple, Alphabet Inc.’s Google and Twitter Inc., as well as Meta’s Facebook, WhatsApp and Instagram. It also opened two investigations into teDance Ltd.’s TikTok last year.
The two biggest fines under GDPR so far included a 225 million-euro ($255 million) penalty for WhatsApp the Irish authority last year, and a record 746 million-euro fine for Amazon.com Inc. its lead privacy watchdog in Luxembourg.
Dixon’s warnings come as her office is finalizing a potentially landmark decision that could paralyze transatlantic data flows and risk billions in revenue for Big Tech as well as thousands of other companies.
At issue are the legality of so-called standard contractual clauses that emerged as the main workaround after the EU’s top court banned an EU-U.S. privacy pact.
Judges said that the accord didn’t stop American agencies from gaining access to private information about European citizens, a problem that wasn’t fully solved the alternative of using contractual clauses.
With no other legal data transfer tool available in the immediate future, Meta warned in its latest annual report that it will “likely be unable” to offer services including Facebook and Instagram in the EU.