As businesses continue to expand globally, the issue of data privacy and security becomes even more critical. As the amount of consumer digital data being collected increases, businesses should be mindful of the regulations governing consumer digital data transfers within their company. The European Union recently fined Meta $1.3 billion for storing consumer digital data illegally in the US.

While moving consumer digital data from the EU, a business must be aware of its consumers’ data protection and privacy regulations. In 2020, the EU courts overturned a deal brokered by the US government, which helped US companies operating in the EU move consumer digital information to the US. Since the EU overturned the deal, companies collecting consumer information must follow the Digital Services Act (“DSA”). The DSA applies to all businesses that process data of EU citizens. In Meta’s case, the EU determined that Meta stored the digital information of EU consumers illegally in Meta’s US servers. The EU stressed that Meta left an EU consumer with no effective legal way to challenge American government surveillance. Meta has publicly stated it intends to appeal the decision in the EU. Many fear the DSA’s level of scrutiny of Meta will require US companies participating with consumers in the EU to monitor and potentially maintain servers in multiple countries. 

The EU’s decision regarding Meta could spark a new trans-Atlantic data deal. Still, as of now, it is clear that businesses should prioritize data privacy and security when moving customer data from the EU. Ultimately, the EU has made it clear that protecting consumer data is paramount, and businesses must take all necessary steps to safeguard it.