- Meta has been fined a record €1.2 billion ($1.3 billion) by European privacy regulators over the transfer of EU user data to the US.
- The Irish Data Protection Commission also asked Meta to suspend “any future transfer of personal data” to the United States
- Facebook said it would appeal the decision and the fine.
Visitors take pictures in front of a meta sign at its headquarters in Menlo Park, Calif., December 29, 2022.
Tayfun Coskun | Anadolu Agency | Getty Images
Meta has been fined a record €1.2 billion ($1.3 billion) by European privacy regulators over the transfer of EU user data to the US.
The decision is linked to a case brought by Australian privacy campaigner Max Schrems, who argued that the framework for transferring EU citizens’ data to America does not protect Europeans from US surveillance.
Several mechanisms for lawful transfer of personal data between the United States and the European Union have been challenged. The most recent such iteration, Privacy Shield, was rejected by the European Court of Justice, the EU’s highest court, in 2020.
Meta’s offshore operations in the European Union alleged that the company breached the bloc’s General Data Protection Regulation (GDPR) when it continued to send European citizens’ personal data to the United States despite a 2020 European Court ruling, the Irish Data Protection Commission alleged.
The General Data Protection Regulation (GDPR) is the prominent data protection regulation in the European Union that governs companies active in the bloc. It came into force in 2018.
Meta has used a mechanism called the Standard Contractual Clauses to transfer personal data in and out of the European Union. This has not been banned by any European Union court. Ireland’s data watchdog said the provisions were adopted by the European Commission, the EU’s executive arm, along with other measures implemented by Meta. However, the regulator said these arrangements “did not address risks to the fundamental rights and freedoms of data subjects that have been identified” by the European Court of Justice.
The Irish Data Protection Commission also asked Meta to “suspend any future transfer of personal data to the United States within five months” of the decision.
The €1.2 billion penalty for Meta is the highest penalty any company has been fined for breaching the General Data Protection Regulation (GDPR). The previous largest fine was 746 million euros for e-commerce giant Amazon for breaching GDPR in 2021.
Meta said she would appeal the decision and the fine.
The Meta case is likely to put the focus back on efforts by the EU and Washington to get a new data transfer mechanism agreed upon. The United States and the European Union last year agreed “in principle” on a new framework for cross-border data transfers. However, the new agreement has not yet entered into force.
“Hipster-friendly troublemaker. Communicator. Organizer. Devoted web lover. Unapologetic problem solver. Reader. Explorer. Travel guru.”
More Stories
Asia Markets Rise After Biden Signs Debt Ceiling Bill; Oil rises due to OPEC+ cuts
Saudi Arabia cuts its oil production in July, and OPEC extends the agreement until 2024
OPEC + meets to discuss production quotas and a new cut: sources