Meta fine shows EU is ‘regulatory superpower,’ Northeastern expert says

A photo of Meta headquarters in Dublin
The record $1.3 billion fine on Meta, headquartered in Dublin (above), reveals different approaches to privacy between the EU and the U.S., says Northeastern professor Mai’a Cross. Picture date: Wednesday November 10, 2021. Photo by Brian Lawless/PA Wire URN:63647369 via AP Images

Meta was fined a record $1.3 billion for violating the privacy of Facebook users in Europe, which further establishes the European Union as a “regulatory superpower,” says Mai’a Cross, dean’s professor of political science, international affairs and diplomacy, and director of Northeastern’s Center for International and World Cultures.

Facebook was found to have transferred private information to the U.S. in violation of the EU’s General Data Protection Regulation, its groundbreaking 2018 data privacy law that established standards in Europe and beyond. 

headshot of Mai'a Cross
Mai’a Cross, dean’s professor of political science, international affairs and diplomacy, and director of Northeastern’s Center for International and World Cultures. Photo by Matthew Modoono/Northeastern University

“The EU is a huge [consumers] market, second only to the United States,” Cross says. “And so the EU can unilaterally make stringent rules—and it has, up to this point.”

While holding the American company to account, the EU is also negotiating with the U.S. to establish ground rules by which Meta and other companies could keep transferring such information across the Atlantic. In the meantime, Meta says it will appeal the EU fine.

“There’s very clear evidence that Facebook probably swayed both the Brexit vote as well as the U.S. election for Donald Trump,” Cross says. “It’s not just about protection of individual data. It’s also about the health of democratic processes.”

Cross spoke with NGN about the Meta penalty, differences between the European and American approaches to the digital world, and the ongoing influence of Russia’s war in Ukraine. Her comments have been edited for brevity and clarity.

What do you make of the fine on Meta?

The fine is unprecedented. It sends a message to all of the tech companies that the EU takes citizens’ privacy more seriously than the U.S. does. That’s why you’re seeing this clash in norms and laws about what you can do with people’s data. 

The EU has a long tradition of focusing on fundamental rights, human rights and protections of citizens. The world is trying to catch up with how to regulate this sphere of interaction—and the EU is ahead in this regard.

How would you contrast the approaches of the EU and U.S.?

If we take the big-picture scale of things, the United States has been a beacon of how to form a great democracy and protect fundamental rights. But we’re now in this era of rapid change technologically. And so, even with the long-standing American commitment to protect a vibrant civil society, the Europeans are ahead in terms of regulation. 

Some of this is stemming from the EU’s tradition of social democracy. The social welfare system in Europe is much stronger than it is in the United States. In terms of data, the U.S. is a lot more loose, and the EU is more restrictive to protect its own citizens. 

I think also there’s some reaction to the revelations that Edward Snowden put forward on just how far some of these private companies are going. So this is being driven rapidly forward by the interests of private companies and the profits and innovations they want to achieve. Governments are left to set up structures that protect people. And then we’re seeing gaps and failings in terms of the intelligence community gathering data about citizens without their knowledge. 

In this particular ruling against Meta, the concern in Europe is that there is very little understanding of how that data could be used in the U.S.

How do you factor in the ongoing negotiations over data sharing with the U.S.—as well as the anticipated EU position on AI, which will be staking a claim that goes beyond the U.S. approach?

There was an effort a couple of years ago for the U.S. and the EU to align when it comes to precisely this issue that Meta is being fined for—the data transfer—and that previous attempt didn’t work. They’re now trying a new negotiation, hopefully to be decided upon in the fall, so that the U.S. and Europe are operating by the same rules, which makes things a lot clearer for the companies involved.

It’s not easy, though, because you have the EU pushing for more protections for people and the U.S. wary of constraining companies.As far as AI, I would expect that the EU will take a similar approach, as it has been doing so far, which is to think about the protection of citizens, the safeguarding of democracy and the guardrails that need to be put up so that corporations aren’t pursuing profit without regard to the ethical dimensions of what they’re doing with this data.

Is the EU more unified politically than the U.S., where the leadership is so highly polarized? Has the war in Ukraine strengthened that sense of European unification?

My sense is they are more unified in the EU. 

And now, facing this unprecedented threat that has broken the track record of peace in Europe since World War II, it has become paramount that all EU member states find ways to speak with one voice. You see reverberations of this not only in the direct response to sanctions [on Russia] and the provisions of military and humanitarian support, but also in looking forward to the longer term and what the EU should do to shift its overall strategy on Russia in the security and defense realm.

Before [Russia President Vladimir] Putin invaded Ukraine, the concern was more on the cyber side. And yet we have not seen major successful cyber attacks from Russia. One possible explanation for this is that European countries and companies have become much better at defending against cyber attacks. 

Ian Thomsen is a Northeastern Global News reporter. Email him at i.thomsen@northeastern.edu. Follow him on Twitter @IanatNU.