Stories
Slash Boxes
Comments

SoylentNews is people

posted by hubie on Thursday March 23 2023, @11:23PM   Printer-friendly
from the familiar-story dept.

Use of Meta tracking tools found to breach EU rules on data transfers:

Austria's data protection authority has found that use of Meta's tracking technologies violated EU data protection law as personal data was transferred to the US where the information was at risk from government surveillance.

The finding flows from a swathe of complaints filed by European privacy rights group noyb, back in August 2020, which also targeted websites' use of Google Analytics over the same data export issue. A number of EU DPAs have since found use of Google Analytics to be unlawful — and some (such as France's CNIL) have issued warnings against use of the analytics tool without additional safeguards. But this is the first finding that Facebook tracking tech breached the EU's General Data Protection Regulation (GDPR).

All the decisions follow a July 2020 ruling by the European Union's top court that struck down the high level EU-US Privacy Shield data transfer agreement after judges once again identified a fatal clash between US surveillance laws and EU privacy rights. (A similar finding, back in 2015, invalidated Privacy Shield's predecessor: Safe Harbor.)

noyb ['none of your business' * see below. --Ed] trumpets the latest data transfer breach finding by an EU DPA as "groundbreaking" — arguing that the Austrian authority's decision should send a signal to other sites that it's not advisable to use Meta trackers (the complaint concerns Facebook Login and the Meta pixel).

[...] "Facebook has pretended that its commercial customers can continue to use its technology, despite two Court of Justice judgments saying the opposite. Now the first regulator told a customer that the use of Facebook tracking technology is illegal," said Max Schrems, chair of noyb.eu, in a statement.

[...] noyb argues that the only long-term fix for this issue is either reform of U.S. surveillance law to provide "baseline protections for foreigners to support their tech industry". Or data localization — meaning U.S. providers would be forced to host foreign data outside of the country. And we are seeing some moves in that direction (such as from TikTok, which faces even greater scrutiny than Facebook over matters connected to national security).

It's not clear if data localization is much of a fix for Meta's (or indeed TikTok's) problems, though — given how data-mining users is central to their ad-targeting business model. ("It is well known that due to its US–based system, Meta is categorically unable to ensure that the data of European citizens is not intercepted by US Intelligence agencies," noyb suggests.)

In the meanwhile, a final decision on whether to suspend Meta's EU-US data transfers remains pending from its lead EU DPA, the Irish Data Protection Commission.

So it really is down to the wire on which will come first: A new EU-US data transfers sticking plaster — which would reset the legal challenges and buy Meta a new round of operational breathing space in Europe — or a final DPA order to stop transferring EU users' data over the pond. Although, in the latter case, Meta would certainly appeal a suspension order — so the most likely outcome is that Meta will get to kick the can down the road yet again and European privacy advocates will have to gird themselves for a fresh round of legal challenges, hoping the CJEU will be even faster on pulling the trigger this time.

EU DPAs have shown extreme reluctance to enforce the law around data transfers, dragged their feet when it came to acting on the Court of Justice's July 2020 decision striking down Privacy Shield, for example. So the same scenario could well repeat next time around, creating a cycle of law-breaking that's almost never enforced — and a parody where EU users' fundamental rights should be.

[* - noyb.eu. "noyb uses best practices from consumer rights groups, privacy activists, hackers, and legal tech initiatives and merges them into a stable European enforcement platform.".--Ed]


Original Submission

This discussion was created by hubie (1068) for logged-in users only, but now has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.