Senior Vice President, International Regulatory Affairs & Antitrust, U.S. Chamber of Commerce
Published
August 29, 2024
This week, Europe announced its latest jaw-dropping fine against yet another American company. Uber was fined $324 million for data transfers to the United States in violation of General Data Protection Regulation (GDPR).
The fine was retroactively levied for a period when Uber, like thousands of other companies, was plunged into legal limbo when the European Court of Justice struck down the U.S.-EU Privacy Shield Agreement governing data transfers. In a similar case, Meta was fined $1.3 billion.
Curiously, neither Uber nor Meta was found to have violated the privacy of any European. Instead, the alleged violations resulted from transferring data from Europe to the U.S. during a period in which Europe’s highest court questioned whether such transfers were safe from unlawful access—by the U.S. government.
There is no evidence that Europeans were being spied upon or that any of its citizens experienced identifiable harm from these transfers. In response to the court’s concerns, the U.S. and European Commission concluded an updated legal arrangement, removing the legal limbo the court created. As for the actual privacy practices of the companies, nothing changed. Yet fines have been levied.
Arbitrary and Massive Fines
Europe is not shy about imposing fines, and its regulators are rarely held accountable for how they selectively apply penalties. Europe routinely grants its enforcers the ability to levy massive extraterritorial fines based on a percentage of global revenues. Among the laws that feature these fines and their thresholds for first-time offenses: Digital Markets Act (up to 10% of global revenues); Competition Law Violations (10%); EU AI Act (7%); Digital Services Act (6%); Corporate Sustainability Due Diligence Directive (5%); and GDPR (4%).
This is just a sampling of European laws that use this approach. Even minor violations will likely result in fines of 1 to 2% of global turnover, and repeat violations allow for even larger amounts. The fining authority has no guardrails to ensure that penalties track the actual harm caused. In fact, European regulators have no obligation to quantify the harm caused, leading to hefty fines in a seemingly arbitrary fashion.
American Companies Pay the Price
American companies are squarely in the sights of European regulators. Over the years, the EU and its member states have levied billions of dollars in fines and penalties against U.S. firms. Apple, Amazon, Google, Illumina, Mastercard, Meta, Microsoft, and Qualcomm, to name a few, have been slapped with competition fines ranging from hundreds of millions to billions of dollars. Again, none of these fine amounts is correlated to actual harm suffered by consumers.
Instead, the European Commission merely alleges that harms “may have” occurred or that consumers “may have” paid more. Illumina was fined $476 million for completing a merger without the European Commission’s permission, even though the transaction had no geographical nexus to the EU (a standard for asserting jurisdiction over mergers). That unprecedented move may be overturned in court later this year.
Recent measures also play a role in hefty fines for ill-defined violations. X, formerly Twitter, is facing a Digital Services Act (DSA) investigation for its blue “verified” checkmark, while three other American companies are under investigation for potentially violating the Digital Markets Act (DMA). The latter measure currently applies only to foreign companies and is written in such an open-ended manner that a company captured by the law can’t be certain of the steps they need to take to come into compliance.
Concerns from U.S. Lawmakers
Congress is increasingly taking note. Dozens of lawmakers in both chambers of Congress have sent letters to the Biden administration, here and here, expressing “ongoing concerns with EU efforts to regulate the digital economy in ways that harm American companies and workers.” In response to Brussels’ latest fine against Uber, a Congressional inquiry could nudge the administration to defend U.S. companies abroad.
Like most governments, the EU is always casting about for additional resources. It seems the bloc has hit upon super-sized levies against American companies as a convenient source of revenue, generated by rules that are often ill-defined. In imposing an eye-watering $2 billion fine on Apple this spring, the European Commission stated outright that fines like these “help to finance the EU and reduce the burden for [its] taxpayers.”
Bottom Line
To abide by the rules, companies need clarity regarding their obligations. If regulators decide to impose fines, they should be required to demonstrate specific calculations that correlate the size of the penalty to the harm caused. The time has come for the U.S. to push back on the Commission’s unjustifiable and discriminatory use of huge fines against American companies.
About the authors
Sean Heather
Sean Heather is Senior Vice President for International Regulatory Affairs and Antitrust.