On January 23, 2025, President Donald Trump criticized the European Union at the World Economic Forum in Davos, stating, “They took billions from Apple and Google through the courts, and now they’re after Facebook for billions. These are American companies the EU is taxing unfairly.”
This accusation reflects a growing clash between US tech giants and the EU, escalating from targeted legal battles over privacy and competition into a broader struggle over digital economy control.
The US, particularly under the Trump administration, views these EU actions as economic protectionism, akin to tariffs.
Ronin Legal examines the early legal foundations of the EU’s regulatory push in the 2010s, spotlighting landmark cases against Meta and Google that ignited this transatlantic rift.
Background
By the early 2010s, major U.S. tech companies had come to dominate Europe’s digital landscape. Google commanded over 90% of the search market, Meta captured 68% of social media, iOS claimed roughly 20% of the smartphone market, and Amazon secured 22% of e-commerce sales, double that of European competitors.
The 1995 Data Protection Directive
The first major legislative effort to rein in US tech dominance was the 95/46/EC Directive enacted in 1995. It required personal data to be processed lawfully, with clear consent, and only for specific purposes. It also restricted data transfers outside the EU unless the destination country ensured “adequate protection.”
This directive laid the groundwork for modern data protection, harmonizing rules across member states and giving individuals rights to access, correct, or object to their data’s use.
GDPR: A Global Standard
By May 2018, the General Data Protection Regulation (GDPR) replaced the 1995 Directive, becoming the gold standard for data privacy. GDPR introduced stricter consent rules, transparency requirements, and fines up to 4% of a company’s global revenue.
It applied to any firm handling EU citizens’ data, regardless of location, giving the EU unprecedented global reach. This shift from fragmented national laws to a unified framework signalled the EU’s intent to rein in tech giants.
Privacy Battles: Schrems I and II
The EU’s privacy push clashed head-on with US tech practices, particularly over data transfers. Two landmark cases, driven by Austrian activist Max Schrems, redefined the rules.
Schrems I (2015): Safe Harbour Falls
In 2015, the European Court of Justice (CJEU) invalidated the Safe Harbour Agreement, which since 2000 had allowed US companies to transfer EU data by self-certifying compliance with EU-like privacy standards. Schrems argued that US surveillance laws, like FISA Section 702 and Executive Order 12333, allowed warrantless access to EU citizens’ data via programs like PRISM.
The CJEU agreed, finding that US laws offered inadequate protection under Directive 95/46/EC. Companies scrambled to adopt Standard Contractual Clauses (SCCs) as a workaround, while the EU and US negotiated a new framework.
Schrems II (2020): Privacy Shield Collapses
In 2020, the CJEU struck down Safe Harbour’s successor, the Privacy Shield, in Schrems II. The court again cited US surveillance laws, noting that EU citizens lacked enforceable redress against US data access.
Even SCCs faced scrutiny, requiring companies to verify protections case-by-case. These rulings forced tech giants to overhaul data transfer practices, raising compliance costs and highlighting the EU’s demand for digital sovereignty control over its citizens’ data.
Antitrust Actions: Google versus Europe
In contrast to the price-focused antitrust approach of the US, the EU chose to target Google’s dominance by emphasizing fair competition. Between 2017 and 2018, the European Commission imposed over €6 billion in fines across two major cases.
In Google Shopping (2017), the Commission fined Google €2.42 billion for abusing its 90%+ search engine market share. Google gave its own comparison-shopping service top placement in search results while demoting rivals like Kelkoo. This reduced visibility for competitors and limited consumer choice. The EU ordered Google to treat competing services equally.
In Android (2018), Google was fined €4.34 billion for forcing manufacturers to pre-install Google Search and Chrome as a condition for using Android. This restricted rival apps and alternative versions of Android, reinforcing Google’s dominance. The EU required changes, leading Google to introduce browser choice screens for European users.
These cases marked a firm regulatory stance, with the EU acting to reshape tech market behaviour beyond just pricing concerns.
Meta’s Privacy-Antitrust Nexus
Meta has come under sustained scrutiny in the EU for both its dominance in the social media market and its handling of user data.
In February 2019, Germany’s Federal Cartel Office ruled that Meta (then Facebook) abused its dominant position, holding over 95% of the social media market. The authority found that Meta combined user data from Facebook, Instagram, WhatsApp, and third-party websites without proper consent.
It concluded that users were effectively forced to accept these practices due to Meta’s dominance, linking privacy violations directly to antitrust harm. Meta was ordered to stop this data merging unless users gave explicit consent. Though Meta appealed, the case influenced the Digital Markets Act’s provisions on curbing data exploitation by digital gatekeepers.
Separately, the Irish Data Protection Commission imposed several significant fines on Meta over its handling of user data. The most significant came in May 2023, when Meta was fined €1.2 billion for transferring EU user data to the US in breach of the Schrems II judgment, which held that US protections were inadequate.
This followed earlier fines of €405 million in 2022 for Instagram’s mishandling of children’s data, and €225 million in 2021 for WhatsApp’s lack of transparency in data sharing.
A New Global Standard
What began as the EU’s assertion of sovereignty has evolved into a powerful model for exporting its regulations globally. This phenomenon, dubbed the “Brussels Effect” by Professor Anu Bradford, leverages the EU’s substantial market size and rigorous regulatory framework to compel businesses worldwide to adopt its standards. A prime example is the GDPR, which has set a global benchmark for data privacy, effectively making EU rules the de facto global standard.
This dynamic puts U.S. tech companies in a challenging position, often requiring them to comply with EU regulations across all markets to gain access to the lucrative European consumer base.
Part II will further examine this evolution, shifting focus to legislative strategies like the Digital Markets Act, Digital Services Act, and data localization policies, and how these explicit measures targeting U.S. tech “gatekeepers” fuelled transatlantic tensions.
Authors: Shantanu Mukherjee, Alan Baiju, Mohak Vilecha
