Meta’s been in the news a lot lately for reasons they’d rather not be famous for: privacy violations. Yesterday’s announcement that Meta was recently fined $1.3B for violating E.U. Data privacy rules isn’t even the first such massive fine for the social media giant in the last 6 months: in November they got hit with a $275M fine for largely breaking the same rules regarding cross-border data transfer.
From the New York Times: “Regulators said the company failed to comply with a 2020 decision by the European Union’s highest court that Facebook data shipped across the Atlantic was not sufficiently protected from American spy agencies.”
Facebook hasn’t sufficiently dealt with this cross-border data transfer issue and until they do so, they’ll continue to be fined. Google’s racked up almost a half billion dollars in fines from the E.U. for largely the same reasons. Anyone paying attention will note that the fines dramatically increase upon repeated violations, so it is imperative that companies less well-heeled than these two giants make sure they have a game plan going forward.
“Regulators said the company failed to comply with a 2020 decision by the European Union’s highest court that Facebook data shipped across the Atlantic was not sufficiently protected from American spy agencies.”
The Cross-Border Data Transfer Problem
Cross Border Data Transfer is the transfer of personal data by controllers established in the European Union (EU) to recipients established outside the territory of the EU/EEA who act either as controllers or as processors. As a general rule, transfers of personal data to countries outside the European Economic Area may take place if these countries are deemed to ensure an adequate level of data protection.
Fundamentally, cross-border data transfer carries risk. And what we see is that companies sometimes employ a “transfer the data and figure out the compliance later” approach. The problem is that the rules governing data transfer still vary quite a bit within the EU. GDPR was supposed to harmonize the rules across the EU, but it hasn’t yet. Standards change all the time, and companies that think they’re following the standard contractual clauses can and do get fined when the rules change.
The good news? Aqfer has an elegant and easily implemented solution to this particular problem, one that allows our customers to never worry about privacy issues when it comes to consumer data today. We believe that only edge-based deployment of tags protects across the entire spectrum of web deployment scenarios, across all the various rules governing how companies collect data from consumers internationally.
We offer a Universal Tag Solution that, unique to the marketplace, understands and deals with privacy regulations that apply to the location of each and every user regardless of where they reside. In short, ours is a true first-party tag solution, deployed via the Akamai CDN, which enables airtight in-region privacy control no matter where you operate across the world.
In short, there is no safe harbor, and ignorance of the rules is not a defense – so hold yourself to the highest possible standards. We are confident that the Aqfer approach – an edge-based deployment with in-jurisdiction privacy determinations – is the highest possible standard to ensure you never have cross-border data transfer problems.