Also to add, this fine is concerned with the EU. I'm not sure why we care how much money Meta makes in other regions. EU accounts for about 25% of their revenue [1]. So in terms of yearly net income it then gets closer to about 15%. Again, the job of EU is to regulate businesses in the EU and not the rest of the world.

[1] https://businessquant.com/facebook-revenue-by-region

Sounds to me like a clever EU work-around to force Meta to pay taxes over its EU revenue :p

This "fine" just feels like "cost of doing business in the EU" to me...

They broke a law that violates basic human rights. Privacy is important to EU citizens, and unlike the US they largely enjoy that right thanks to laws which are enforced.

Nothing to do with taxes.

A lot of EU countries are also in "big eyes" esque spying agreements. The occasional story of a privacy law being enforced doesn't change that

Facebook is not the government so even if what you say is true, it's really off-topic. Being protected from businesses violating your privacy is a good thing.

The reason why Facebook transferring data to the US is illegal in the EU is because its spy agencies and law enforcement can force them to turn over data.

It's not off topic at all.

Can EU governments force companies to turn over data? If not, then you are talking about what EU governments do secretly. That's a different topic.

And the United States can't? Facebook is part of PRISM, and they are incorporated in America. They are arguably in a more compromised state when operating domestically than abroad.

That's not the argument I would go with, but you could. I would argue that the EU has more oversight into its spy agencies and can reign them in if wrongdoing comes to light, whereas they have little to no control over those in the US.

It's not off topic. You said:

> unlike the US they largely enjoy that right thanks to laws which are enforced

This is categorically not true.

This isn't about protecting users from spying. This is about managing user data and privacy in accordance with the laws that privately-owned businesses must abide by. You can claim that it's a double-standard, but it's still wrongdoing and needed to be sorted out either way.

Funnily enough, country that is biggest on that recently left EU...

But not because the EU didn't like their spying.

> Nothing to do with taxes.

If companies view it as cost of doing business, it's akin to a tax and the rights you hold dear are not respected

That's true but the evidence points to companies changing policy to avoid increasing fines and the risk of being banned entirely.

So how do you have “privacy” when the entire purpose of social media is to share your likes, dislikes, social graph, etc. worldwide?

The data that Facebook collects about people goes far beyond what is explicitly shared and visible in their profile. E.g. which sites they visit (and when) with Facebook widgets on them, on-site browsing habits, private conversations, their phone contacts, location data, etc.

I imagine that a number of features are built on top of these. I remember that you could easily see what friends where nearby you when you were traveling (I ran into a friend who was visiting Milan at the same time as me a few years back!) but the feature doesn't exist anymore. I'm wondering if it's because of regulations that they had to cut down on these features.

Facebook posts can be made for only friends to see. Other social media has similar controls.

Facebook also has private messaging.

And when those private messages get sent to someone in the US or those friends are in the US, what do you think is going to happen with the data?

You're moving the goal posts. Your claim was that all posts are globally public. That's wrong.

But to play along, what happens to the data depends on where it is stored. If the data center is in the US then the government can get a court order to seize that data. Which is not the same as in some other countries, is it?

well, what would happen is facebook getting 1.3B fine

That's not what the EU said. You can read the publicly available ruling. Or any of the hundreds of articles summarizing the ruling.

> Privacy is important to EU citizens

The people on the ground didn't do anything with this

That's entirely untrue. Countries in the EU had strong privacy laws before the EU existed. And before the internet existed. Mostly around phone companies, but not only. Having lived in a few countries in the EU I can also anecdotely say that privacy laws are generally liked.

GDPR laws are so popular that 17 countries outside the EU already have similar laws.

Nah, GDPR is great.

For example now random security camera operator can't just take some scenes and post it on youtube, as that would violate GDPR in several ways and few companies paid tens to hundreds of thousands in fines for that.

It also cut sooo much bullshit when it comes to PII management. Because there is actual teeth behind it very little companies will try the old trick of "oh you wrote email to us ? Let's just send marketing stuff on that", as that would require separate consent.

Well, companies are known for organising their affairs to avoid taxes. I suppose they can organise their affairs to avoid fines as well.

I am SO glad I was not taking a sip of my very hot coffee when I read this.

They got 5 months to fix the issues. So after 5 months they can collect a bigger fine ... and then 5 months later again, with three increasing charges within 12 months it's more notable.

Ok, realistically it's unlikely to happen exactly that way, ...

Fortunately, we can count on FB to move fast and break this hazard much faster than that.

Sometimes I wonder why there are so many people advocating three strike and out laws, but never against corporations. Would be interesting if the third fine would be so large that shareholders are wiped out and debt holders are left with scraps.

The GDPR allows for fines based on global revenue to prevent companies playing games with where there income is "technically" generated.

Bit off topic, but how on earth did Meta gross 116 billion USD ? lol

Of course we all find tech valuable, but that is absolutely stupid money for what I get out of their services, which is almost nothing hence I've not opened FB for weeks and I open Instagram for 2-3 minutes every day and turn it off, lately maybe every other day.

Even with more engaged users it's hard to believe it's worth that much money. Is the advertising really this effective ? Insane.

> that is absolutely stupid money for what I get out of their services, which is almost nothing

That's why it's a free product! Revenue is from the value they deliver to advertisers. Meta's average revenue per user is significantly higher than other ad platforms (except Google).

For someone selling to a particular group of people, getting ads to that specific group, and ONLY that group, is really valuable.

Your guess is wildly mistaken. They did not intend to sell data to CA; and the CA events happened in 2014-2015 and the program CA abused was subsequently shut down.

To my mind that could be explained as CA exploiting Facebook users' data and Facebook shut down that program so that it could instead explicitly sell similar datasets.

Well, you're wildly mistaken again. The dataset is the golden goose -- they have no interest or incentive to sell it.

Selling data erodes Facebook's ability to make money selling ads (because then other people will be able to target users just as well). It's never been something they did intentionally.

Meta only lost income and credibility from that scandal, unless you believe the data breach was conspiratorial.

Seems likely to me. I can't recall Facebook acting in good faith at any point in time. If there's a bunch of money to be made assisting well-funded politicians, then I'd fully expect Facebook to be wanting a piece of that pie when their business model is generally to act against the users of the site by selling their data to manipulators.

Wasn’t the fine for breaches since July 2020? So more like 2 days revenue and like 3%profit.

Actually meta had bigger year last year so a bit less than that.

Cost of business ?

The investigation lasted 10 years.

https://noyb.eu/en/edpb-decision-facebooks-eu-us-data-transf...

So, the fine is ridiculously low. 130 million per year?

4 days is actually pretty high.

I paid way more than 4 days of income just in taxes. It's chump change in the grand scheme of things for Meta.

You're acting as if Meta doesn't also pay taxes.

Okay am I insane or does “20 days of income” for a company that generates income 24/7 seem like the definition of a “trivial fine”?

Given that you are on HN, you are likely salaried employee. This means you are also generating income 24/7. If you were fined for 20 days of your income, would you still argue that this is "the definition of a trivial fine" for you? I certainly wouldn't.

I mean given the context we’re talking about? That’s absolutely trivial. A 20-operating-days fine wouldn’t touch my day-to-day life, I wouldn’t have to alter my behavior going forward at all, there would be almost 0 repercussions.

Would I enjoy it? Certainly not.

Would I change my behavior if it was generating billions in revenue? Certainly not.

How is this supposed to dissuade FB at all?

It doesn't seem like the definition of "trivial fine," no.

Nietzsche wrote about this stuff, doubt there is any magnitude of fine that would be acceptable to the baying masses.

Reminder that this is revenue, not profit AND it is a fine from the EU so really only EU revenue should be counted when discussing how hard this hits Meta.

This implies that Meta doesn't make money outside of EU by exfiltrating EU users' data.

If Meta made zero money in EU whilst still offering a service to EU users, and still exfiltrating their data, should the fine be zero?

Even if the calculations for how to attribute income from different places would be difficult to decide upon precisely, and doubly so if the calculations are used to determine a penalty fine thanks to the possibility of being gamed, it can probably be guessed at without too much error in cases where Goodhart's Law doesn't bite.

How does anyone make money with EU data outside the EU? Seems like the value of that data is trivial anywhere else.

> a fine from the EU so really only EU revenue should be counted

You can't really fully seperaten EU revenue. I as a European write very intelligent and relevant posts on Facebook, thus people from other regions go there to read them. (well, I don't post anything on Facebook these days, but the point stands)

Meta revenue is from showing an ad. "Is the ad shown in the EU?" seems like a pretty clear line. IFRS rules already require tracking the action that recognizes revenue so seems hard to play games with it.

It should hit the global revenue. Otherwise they could play even more regionally with the rules, and fines are just a cost of doing the business.

Yes the fine should be based on global revenue, but when discussing if this fine actually hurts Meta, you should try to estimate the EU revenue, because it is about if it Meta cares about the fine. If it is a significant part of EU revenue then Meta should want to comply or leave the EU. If it is not then Meta doesn't care.

The fines can be up to 4% of global yearly turnover. I think they don't go for the full amount immediately, because you always want to have room to increase the penalty if the don't comply after this fine.

Agree.

A few years ago I was on around AUD90,000 and driving my wife's car which to me she had failed to register.

I got a AUD990 fine.

So I equate this fine to Meta getting busted for driving an unregistered car.

Not even close to a drink driving charge.

20 days of income for this seems extremely low. Were it a person, they would have been jailed and indebted for life.

Not really. The EU isn't trying to kill Meta, it's trying to get it to follow GDPR where it applies. For most people, fining them an equivalent of their monthly salary, is a blow painful enough the person won't forget it soon, and will try to avoid getting fined again.

No, they wouldn't. An appropriate fine would have been given to a sole proprietor.

Yeah agreed. They will simply continue to violate the GDPR. If the last years global revenue was 116 Billion USD, the fine should be at least 200 Billion. Otherwise companies just will see the fine as cost of doing business.

Whether something is a 'cost of doing business' is based on whether the cost is expected or unexpected, not its magnitude.