Note that there is a process for the regulators from other countries to object to DPC decisions, and this process has been used in the past to increase the fines issued by the DPC to Meta.
Ireland doesn't want to scare away tax revenue from US tech companies, so they strategically under-fund the DPC, effectively making them a bottleneck for GDPR enforcement across the EU as a whole. This has been a point of contention with other regulators.
Ireland's DPC might be taking the hint that it needs to get stricter. The big companies come to Ireland for tax reasons, not for lax enforcement. Enforcement can get a lot stricter without losing them.
They should really tune down the tax breaks too though. They're basically screwing the rest of Europe by allowing these companies to avoid taxes in the whole EU. Just for a few measly jobs (even Apple only has a few thousand employees in return for literally billions of revenue going through the country). https://www.theguardian.com/technology/2020/sep/25/european-...
That money could really have been put to good use in the EU. The EU should present a more united front here IMO instead of allowing companies to cherry pick countries and make them compete against each other for the lowest tax rates.
> The EU was designed to allow countries to compete on this.
Yeah but it shouldn't have been I think. When the EU was 'designed' there was still very strong nationalism and countries were afraid of giving up their sovereignty, it's time to start moving away from this.
> I really think this is a controversial statement. The money can be put to good use in Ireland as well, which is in the EU.
Yes but Ireland isn't getting a lot of money because of the huge tax breaks they provide. The main thing they get in return is a few jobs (and the taxes paid by the employees).
The EU as a whole would gain much more if countries were not able to compete on taxes. Ireland itself might lose out some but the EU overall would gain a lot because there would be a lot less tax avoidance.
Well, from a taxation perspective this is still a key issue. People want their nations to get tax money from international corporations. They are extremely nationalist in this sense.
> the EU overall would gain a lot
I don't think this is an automatic good at all. The EU bodies might gain some money, perhaps even enough to move the EU Parliament a few more times in the year, lovely for the not important EU administrative employees, but that will also result in higher prices for the important people: EU citizens.
Just to lend an Irish perspective. This is not necessarily popular here. Our governments move to sue to prevent having Apple pay 16 billion in tax evasion fines (to Ireland), was extremely unpopular - https://www.bbc.com/news/business-53416206
Just as in the US, there's growing suspicion of the pseudo economic growth that an economy constructed around construction and providing tax avoidance opportunities to big-tech provides. We have one of the worst housing crises in Europe, massive economic inequality, cost of living increases, enormous and growing issues with homelessness and street heroin abuse and so on. Many of which directly track with how the economy has responded to tech firms setting up here.
Meanwhile we don't have the resources for the state to engage in the massive housing construction thats sorely need as our population grows, solve our urban congestion issues, invest in public transport etc.
It's been a terrible deal for Ireland, and the country is in many ways a worse place to live than it was fifteen years ago - during the 'great recession'.
It's not clear that it's necessary for the state to engage in housing construction. There's plenty of money for people to pay for houses. But there has been no building for the last decade while the population has exploded.
Why not? People who have land don't want to sell it, and they don't have to. But neither can they build on it because it's trivially easy to stop any building project by objecting.
So you have one group of people holding on to land like their lives depended on it, trying to increase the value, and another group trying to lower the value of that land and increase the value of their own homes by preventing the owners from building on it.
> There's plenty of money for people to pay for houses.
Well, you really have to mortgage yourself to the hilt to buy a house now in Ireland, it's ridiculous. With a single normal (non-director etc) wage it's almost impossible.
> So you have one group of people holding on to land like their lives depended on it, trying to increase the value, and another group trying to lower the value of that land and increase the value of their own homes by preventing the owners from building on it.
I was told that when the republic was founded land ownership was forbidden (or public or something) to avoid this very thing? But this was a pretty 'severe' person, maybe they were bending the truth. I don't know.
But the objection system is crazy yes. It doesn't explain though how Ireland was one big building site before the credit crisis and now nothing is being built.
The whole country (outside Dublin) is one big empty space and yet houses in such shortage that the prices are extreme :( There's more than enough space for everyone to live comfortably and affordably.
Also, I don't really agree that having houses nearby would decrease the value of the existing ones. Houses in urban areas are generally much more expensive than those in backwater villages. And a lot of people prefer to live in urban areas. In fact this is one of the reasons I left the country. Outside Dublin every town is way too small to have decent services and Dublin is way too expensive to live there.
>There's plenty of money for people to pay for houses. But there has been no building for the last decade while the population has exploded.
Alas that money is not in the hands of those who need them.
I'd suggest that it is absolutely clear that it is essential for the state to build and provide housing, given that there is a massive crisis which the market is utterly incapable of addressing.
>> Alas that money is not in the hands of those who need them.
Well literally everyone needs a home so I have to disagree. No matter who has the money, they need a home. It's not like only a small number of people in Ireland have money.
The issue now is supply. When there isn't enough of something it always gets expensive. The fix is not necessarily to build more cheap homes, it's just to build more homes, period. Even if they're only affordable to middle class people, that's fine because it will free up the cheaper places they're living in now.
>> I'd suggest that it is absolutely clear that it is essential for the state to build and provide housing, given that there is a massive crisis which the market is utterly incapable of addressing.
Why do think the state is capable of addressing it better than the market?
> Why do think the state is capable of addressing it better than the market?
Because the status quo isn't working. There are by contrast state housing provided solutions that are working to allow people to live affordably, even in expensive european countries. See Vienna
> Well literally everyone needs a home so I have to disagree. No matter who has the money, they need a home.
Agreed. Everyone needs and should have a right to a home. However if you have means in Ireland you are likely not in danger of homelessness, likely not living in a literal slum, and can to a much greater extent protect yourself from abusive behaviour from rentiers. You're not in the emergency situation many of us find ourselves in currently.
> The fix is not necessarily to build more cheap homes, it's just to build more homes, period.
Absolutely. We need to build a vast amount of new homes. Most of these need to be much more affordable than the existing supply - which is currently out of the reach of an entire generation - https://www.irishtimes.com/your-money/2023/03/07/housing-cos...
I don't think I can follow your logic here. The private sector isn't building houses, and the government isn't building houses. No one is building houses. How can you use this to conclude that only the government building houses can work?
Presumably there are compelling economic reasons why private builders aren't building enough, but I don't see why the government is not subject to those same reasons.
Worrying about affordability when there's a chronic shortage is focusing on a symptom rather than on the problem itself. They're only unaffordable because there aren't enough. Whenever there isn't enough of something, money decides who gets it and who goes without. That might seem unfair and that's a whole discussion on it's own but the bottom line is that there isn't a fair solution as long as there are more families than homes.
What you are saying used to be true, but is not true anymore. In fact 20% of all Irish tax revenue is corporate tax, paid mostly by the ten largest tech and pharma companies.
Ireland was one of the poorest countries in Europe 30 years ago. Explicit government policy encouraging foreign investment has made it one of the wealthiest.
I don't think Ireland needs to apologise for this; it's a small island nation that choked under colonialism for centuries. When people from former empires, with huge populations and access to continent-spanning infrastructure complain that Ireland is "taking advantage" of them, it strikes me as sour grapes at best.
To be clear, I'm not talking about how it sucked for the Irish a hundred years ago. I'm talking about the country's latent economic disadvantage from being historically impoverished.
If you're in a former empire, you can take advantage of the infrastructure and wealth built by that empire today. You get the roads, rail, architecture, city planning, industry. It hardly seems mentioning but most other countries also have significant natural resources or agricultural output with Europe-wide protected status for various industries and products.
You are also capable of driving, getting a train, or bus to any other European country. You have infrastructure built to handle millions upon millions of people.
Probably better weather too.
Look, I'm not saying Ireland is some sort of woebegone backwater but you have to understand it is a small country with limited natural resources that's more awkward to travel to than its neighbours. It has to do what it can to compete.
Perhaps you don't understand the situation. Ireland is certainly a tax haven, and the number of jobs in Ireland created by the tax arrangements are trivial compared to the amount of business that flows through Ireland on paper. Most of the tech companies which have their 'European headquarters' in Dublin have their real HQs and most of their employees in other EU countries or in the UK.
The fact that tech in general is a relatively large and important employer in Ireland is neither here nor there.
I do understand, but the fact that tech is a massive employer in Ireland is absolutely relevent.
Also, I'm not sure why you think most tech companies with their HQs in Ireland don't have significant presence here?
For example, Google, Microsoft, AWS, Apple, Facebook, tiktok, linkedin,intel, ibm, oracle, dell even SAP. These are literally off the top of my head from the tech jobs Ive seen on linked in over the last while.
Now think of all the non-tech roles, all the accountants, sales, HR, tax people. There is a locus of skill sets, within a very small area, in an English speaking, European country.
I meant claiming that these tech companies are just brass plate operations just aren't true, they are a huge part of our economy.
Talk to someone from Cork and there is a good chance they know (like a family member) who had worked in Apple or EMC at some point!
Yes but these companies don't pay that 15%. They all get special deals paying pretty much nothing. That's what that ongoing lawsuit is about by the EU against Apple. They're still trying to get almost 14 billion euro paid.
everywhere else in the EU also signed it, and the corporate tax rate wasn't even the lowest in the EU already. (Bulgaria was lower, and another eurozone country was tied)
It's by design. These companies can't pull this in any other EU country. Ireland was a relatively poor country 20 years ago. And is showered with money since then for its membership to the EU.
Right question to ask is why did Germany, France allowed it. May be they foresaw that this was the only way to keep Ireland in the union or to get these companies in EU at the first place.
I think it's a little more than that, if you include other staff not in their Cork campus.
Also important: Enterprise Ireland (EI, the ones doing most of the work on turnkey tax-minimization) is a semi-private company, and is graded based on business development, and not tax revenue.
The juxtaposition of those two ideas is interesting! It raises the spectre of low cost data transfer jurisdictions particularly from policy bloc arrangements. Essentially, what is the lowest cost data egress (defined in $/policy offence) from a given zone!
If you took the top, single fine for one American company (Amazon). It is alone more than the sum of all domestic fines in all EU member states put together.
I mean, given tax shenanigans, it also wouldn't surprise me if FAANG had significantly more revenue on paper in Ireland than any EU company (except maybe the plane leasing ones?)
And yet, many European companies do routinely send data to the US, primarily in the context of using US-based service providers. They pretend that disclosing this transfer to the customer and pointing out that the ECJ has deemed US data protection as unacceptable allows them to do it anyway. In practice this may be true, but that’s only because the theory of what the GDPR requires is so rarely enforced in meaningful ways.
Yeah, especially when in the case of the fine for consent about personal ads, the fine was for violations before the law was in place.
That is an insane precedent. Most legal systems understand that applying laws retroactively is a really big no no, as it can create a massive overreach of power in the future, and also creates a hugely unpredictable present, if any time in the future you can be liable.
The EU's obsession with getting money from US tech companies is leading it down really dangerous paths.
> The EU's obsession with getting money from US tech companies is leading it down really dangerous paths.
Gotta love the menacing language.
If Meta is not happy with the fines they have multiple options:
1) Actually respect regulations. It's not that hard for a company with so many resources.
2) Stop operating in EU
There is no dangerous path for the EU here. The block has the right to define it's regulations, and companies have to comply or be justly punished. That's all there is to it.
It's great that you have a non-publicly available newsletter as a source, but if you read the DPC item [1] you'll see that it's just about the GDPR. What Ben probably does not understand, is that the fine is not about the TOS change _before_ the GDPR came in effect, but about the fact that data was processed without valid legal basis _after_ the GDPR came in effect as the TOS change and an 'I accept' button was simply not sufficient.
Can you provide a link or the full quote of the relevant section, so that we can see what’s going on here? My expectation is that he’s misunderstanding the situation.
To be fair, it is not 100% clear on my original post that I am not talking about this fine but a previous one. But if you read it carefully that is was I say. And here is Ben thompson on 11th January 2023:
"In short, Meta can not make access to its personalized social media services contingent on accepting personalized advertising; moreover, the company was fined for having done just that, despite the fact their regulator agreed with them that that was acceptable.
I find this decision disturbing for two reasons. First, it seems unduly punitive that Meta can be fined a material amount for an approach that is not only reasonable on its face (more on this in a moment), but also one that its primary regulator agreed was appropriate. GDPR is not clear on this point, and it’s ridiculous that a company can be retroactively fined for not reading the minds of EU bureacrats.
Second, and more importantly, the fact that Meta must offer personalized social networking to users — which uses their data! — but cannot tie that to offering personalized ads — which uses their data in the exact same way, and without sharing or selling that data to advertisers — is a completely arbitrary attack on Meta’s ability to do business. Let me reiterate that point: serving a video or a post in your Facebook feed is no different from serving an ad; it is Facebook that is choosing what to serve you, not an advertiser, who has no access to users or their data. It’s all just bits, it just so happens that some of those bits make Meta money. That, apparently, is the crime here (and a callback to the Google Shopping case)."
Do you still think the EU is acting like a fair player? When in fact they are both a player and the referee? This type of behavior is exactly why there wont ever be any major innovation in the EU. And I live here btw.
There is nothing in there about retroactively applying laws. If there is anything, it may be that the laws were(/are) unclear.
The Irish DPC states they never approved anything (but there has been discussions between various European data protection authorities and the EDPB during the investigation). See for example 2.44 or 2.46 of the report [1]:
> It is factually not the case that the Commission endorsed or approved of the Terms of Service and Data Policy of Facebook or indeed of any other organisation
and
> To the extent that Facebook seeks to rely on or has ever relied on any consultative process with the Commission in order to defend the lawfulness of a particular practice, this has been in error. More pertinently, for present purposes, Facebook makes no such argument in the context of this Complaint. This is because the Commission never provided any such approval in this case nor does it do so in the context of its engagement and consultation role more generally
If you look at the final decision on Meta, you'll see that most of the fine (80+70=150 million) is for the fact that Meta was not clear on what they were doing with user's data. Only the last 60 million is about the actual legal ground of the processing. So the past that Ben Thompson mentions essentially skips 70% of the fines.
And yes, the data protection authorities are acting like a fair player and they are not the referee. We have courts for that (and this will find it's way through the courts, no worries).
Yes, it wasn't clear initially which fine you were writing about. But, if the fine was referring to activity that occurred after the GDPR entered into force, it is inaccurate to say that it was retroactive - it was simply that the Irish regulator misunderstood or misenforced the law according to the courts, but for a company as sophisticated as Meta, that shouldn't be an excuse. They have far more legal expertise on staff than the Irish DPA.
And, no, nobody is forcing Meta to offer personalized social networking to users in the EU. Meta is free to decline to do so. The EU is simply forcing them to decouple consent to such a service from consent to receive personalized ads. It is a valid social policy choice to want to differentiate those processing purposes, even if Meta doesn't like it. I do.
To the extent that the EU is not acting like a fair player here, it is by disrespecting the democratic will of the EU population as expressed through their EU representatives by inadequately enforcing the GDPR.
I think it's good that the regulatory capture and the intentional Irish government policy of underfunding which currently applies to the Irish DPA is not as successfully a "get out of jail free card" for non-compliance in the EU as equivalent circumstances are in the US. Many thanks to noyb.eu for filing complaints and to the EU courts and the European Data Protection Board for taking them seriously.
>The EU's obsession with getting money from US tech companies is leading it down really dangerous paths.
Yeah shame on EU for issuing fines for the anti-consumer, privacy abusive and illegal practices of the saint ad-ware empires of US big-tech companies. How dare they protect their citizens? Don't they know big-tech should be left unregulated to abuse people so billionaires can become trillionares?
Speaking of double standards it's funny how the US keeps wanting to ban Chinese TikTok for doing the same abusive data collection Meta and Google was doing without issues.
This was teased in Meta's recent quarterly report [1]:
"On April 13, 2023, the European Data Protection Board (EDPB) issued a decision and we expect the IDPC to issue a final decision in this inquiry in May 2023. It is expected that in addition to the transfer suspension order, the IDPC will make an order requiring Meta Platforms Ireland to bring its relevant processing operations into compliance with the GDPR and imposing a fine. We continue to examine the decision and its potential impact on our operations. We expect that the deadlines to comply with the IDPC decision will be no earlier than the fourth quarter of 2023."
When Europeans communicate with Americans as expected on a social network, where does the data live?
Keeping the data solely in Europe only seems relevant for people who have no American friends who read their posts. As soon as there’s one American in the conversation, or even just someone visiting the US, it’s going to be delivered to the US.
Also consider that posts are often reshared.
To make this effective, it seems like there would need to be region restrictions in the UI? If there were a “Europe only” checkbox, how many would use it?
And Meta is so determined to do this that they're threatening to leave the EU. So again...what exactly is being done with this data that is impossible on EU turf but possible on US turf? I personally can't think of anything Kosher
When there are hundreds of millions of Americans who are subscribed to the feeds of hundreds of millions of Europeans, and the Americans' feeds are generated via server-side queries, that seems roughly equivalent to a bulk transfer? It's querying a cache, at least, which is going to look rather like a database.
I suppose they could serve all the Americans' queries out of Europe, but that's going to affect costs and latency, and the data still ends up in the US.
I don't know what's going on at Meta, but possibly, they have a lot of technical debt and doesn't want to do a big rewrite of many of their systems for dubious benefits?
And there would also be the issue of having lots of Americans' data in European jurisdiction.
So it seems like what we're seeing here is supposedly "borderless" computer systems running up against legal realities. I suppose if it resulted in a breakup, it wouldn't be the end of the world, but it would be expensive.
The NSA / US govt are the ones we should be pissed at here, their data acquisition is what tanked Privacy Shield, that US companies doing business abroad depended on.
The way these systems typically work is that a US company builds its infra in the US, and gets economy of scale from shared infra, especially true for companies that run their own data centers. (Look at the map of Meta DCs).
The alternative is that you need to stand up a full copy of your infra (per what? In the limit, per country?) and that’s substantially more expensive, not to mention technically challenging. So the answer is simply that it was built the easy way, based on the assumption that the Privacy Shield treaty was sound.
Also, what does that even mean for an app like Meta? They are a graph. Where do the edges that span jurisdictions live? If a US user likes an EU user, is the “like” edge stored in the EU? There are reasonable answers to this sort of question, and the reasonable answers may overlap with how the regulators wrote the laws, or they may be mutually inconsistent with how other regulators wrote the laws.
It seems quite likely that the end state is as you describe, but I think around here of all places there should be a deep understanding of how hard it is to split your system like this.
Nothing new, until a proper legal basis is defined for transatlantic data transfer all services with us based company and data centers are in violation of GDPR
GDPR only comes into effect when the data is stored locally right? At my old company we worked on a bunch of private data from American citizens and were always careful to keep it in the cloud, since if we downloaded it onto our local computers we'd have to care about the people's privacy.
Article 3(1) of GDPR
"This Regulation applies to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not."
Recital 14 of GDPR
"The protection afforded by this Regulation should apply to natural persons, whatever their nationality or place of residence, in relation to the processing of their personal data."
>GDPR only comes into effect when the data is stored locally right?
It applies to EU citizens globally. If you store data on EU citizens -- you're expected to comply with GDPR. This will be ineffective for small companies in the US or China but nearly all large companies will have a presence in the EU.
The GDPR has absolutely nothing to do with citizenship, I don't know why this myth won't die.
It applies when you process data about people physically in the EU (whether they're citizens, residents, on holiday or just transiting through) or if the person/company doing the processing is based in the EU.
It applies to companies who store data on EU citizens and have any legal basis requiring them to comply with EU law. (No country should be able to say its law applies globally to people or companies not under their jurisdiction. And even if you're a fan of GDPR, there are plenty of countries whose jurisdictions you wouldn't want to be under.)
"The protection afforded by this Regulation should apply to natural persons, whatever their nationality or place of residence, in relation to the processing of their personal data."
Could you please stop posting unsubstantive comments and flamebait? You've unfortunately been doing it repeatedly. It's not what this site is for, and destroys what it is for.
Ireland wants to lose money US corps pay them in order to bypass higher EU taxes I guess. I am wondering if they did some game theory scenario about what fine Meta can absorb before it's easier for them to relocate elsewhere with laxer standards that would love some more tax income.
I mean that's precisely how Ireland raised their GDP, they took all US companies and offered them low tax deals, making the rest of EU upset. Now they probably burned through all that money and are trying to outsmart those corps to get more money from them. Tax offices always project the same or higher income for the next year and when they get hit, they need to squeeze it out from somewhere.
The "G" in "GDPR" is the same as the one in "AGI": "General".
As I understand it (not a lawyer), every country in the EU unified their data protection regulations to match it, and the penalties for non-compliance are the same in all cases.
So, even maximal enforcement shouldn't cause any company to relocate. So long as the companies accept this as reality.
Actually, the GDPR only defines a minimal baseline for all the EU countries to meet. And countries didn't need to update their own laws to match it: since it is a Regulation rather than a Directive, the GDPR is enforcable in the entire EU even without a local law supporting it. Countries are still free to enact stricter policies if they want to, but those obviously wouldn't apply outside their own national borders.
That's in theory; in practice countries often look the other way or delay actions when they see fit. I guess Ireland is running out of money they planned to get and are now trigger happy on Meta.
> The DPC, which oversees the EU operations of most Silicon Valley firms...
Ireland has found itself the de facto privacy regulator for these companies in the EU...