Editor’s note: this is a guest post from Leif Nissen Lundbæk, co-founder and CEO of Berlin-based tech startup XAIN.
Facebook is currently engaged in an all-out battle with the EU over U.S. regulatory laws that are designed to contradict EU privacy laws, and none of this benefits the end user at all. It all stems from an investigation by Ireland’s Data Protection Commission that found Facebook users in Europe did not have proper protection from U.S. government surveillance.
This breach of EU data protection laws has put Facebook in an interesting position, one that threatens the whole of Europe’s ability to access Facebook and leaves users once again as pawns in big tech’s continuous data privacy game.
So why is this an issue now?
There are multiple dimensions to the privacy and regulatory laws that Facebook and other big tech companies operate under across borders. It’s extremely critical that we understand a few basic assumptions about privacy. First of all, privacy is and should be a human right. Privacy, regardless of application, shouldn’t be just attached to some regulatory law, it should be the primary concern of those handling our data. When it comes to Facebook however, and its operation in the EU, privacy laws create a difficult situation.
Facebook is predominantly regulated under U.S. law, specifically the CLOUD Act (Clarifying Lawful Overseas Use of Data Act) that states that U.S.-based technology companies can be compelled to provide data stored on servers regardless of physical, geographical location.
But in this particular case, the personal data belongs to EU users and is stored on EU servers, which creates a contradiction to the EU’s own privacy laws. The current conundrum is that the EU does not want Facebook (or any other big tech company) accessing EU user data via a U.S. regulatory law.
From the EU perspective this is naturally a challenging position to be in, which is why it may have taken this long to take this hard stance against Facebook. The EU has to protect the privacy rights of EU citizens, but it also seeks to maintain its regulatory relationships with the U.S. and satiate Facebook, which employs thousands across its EU offices, including its engineering center in London and data center in Dublin.
This is also not the first time this year that Facebook has found itself in the crosshairs of EU regulators, as it took the EU to court for allegedly overstepping during an antitrust probe.
The point is that Facebook’s business practices are in direct contradiction to the EU’s focus on privacy concerns.
A classic dilemma
Facebook cannot really comply with the EU and it cannot fully comply with U.S. law. The onus of the problem is that Facebook is trying to find a solution where it predominantly complies with U.S. law, the country in which it’s based, while simultaneously trying to actively change the EU law. This is obviously a situation that EU citizens should not accept. EU citizens cannot have companies from the U.S. that can or have to extract user data under U.S. law while at the same time ignoring the EU laws that completely forbid these kinds of practices.
The bottom line is that there are two laws, from two different governments that don’t fit each other. The most insufferable bit is that users are once again put in a position where we have to decide between privacy and convenience. We often choose convenience in so many facets of our digital lives, from maps to search engines, cloud providers and social networks that we may have formed a bit of apathetic response to it all. Privacy is over here, convenience is somewhere else and it seems that these two facets of our digital lives never seem to meet in the middle.
We should be upset
EU citizens should be upset. They should be questioning why this kind of dilemma is considered normal. Why should there be a trade-off between privacy and convenience? Why are we content to continuously let big tech violate our fundamental human rights? We have to stop this, we have to find solutions and alternatives, and we shouldn’t have to constantly choose between privacy and convenience. We should be able to bring both together because it doesn’t have to be a trade-off, it doesn’t have to be one or the other – it can be both.
So where does this leave us? As citizens, as users of Facebook and other big tech data platforms we should stand up against these privacy-invasive practices. More than any institution in the world, we users have all the power that we need to change how big tech companies access and trade our data. So why is there no privacy movement yet? We demonstrate for climate change and other human rights, but why don’t we actually stand up against tech companies violating our basic right to data privacy? Are we so intertwined with social networks and social good that we just don’t have the energy left?
There is a massive opportunity for the EU to create independent services for its own values that align with the rights and privacy expectations of its citizens and tech users.
There is no reason the citizens of the EU must be dependent on services that are completely non-compliant with its core values. Facebook can pack up and leave (as it’s threatening) and the EU, full of innovative minds and technologies, will create something that doesn’t step on the fundamentals of human rights.
Featured image credit: Gerd Altmann / Pixabay