Meta fined a record $1.3 billion over EU user data transfers to the U.S.

Celebrity Gig


Visitors take photos in front of the Meta sign at its headquarters in Menlo Park, California, December 29, 2022.

Tayfun Coskun | Anadolu Agency | Getty Images

Meta has been fined a record 1.2 billion euro ($1.3 billion) by European privacy regulators over the transfer of EU user data to the U.S.

The decision links back to a case brought by Australian privacy campaigner Max Schrems who argued that the framework for transferring EU citizen data to America did not protect Europeans from U.S. surveillance.

Several mechanisms to legally transfer personal data between the U.S. and the EU have been contested. The latest such iteration, Privacy Shield, was struck down by the European Court of Justice, the EU’s top court, in 2020.

READ ALSO:  Stakeholders seek forensic auditors in public, private sectors

The Irish Data Protection Commission that overseas Meta operations in the EU alleged that the company infringed the bloc’s General Data Protection Regulation (GDPR) when it continued to send the personal data of European citizens to the U.S despite the 2020 European court ruling.

GDPR is the EU’s landmark data protection regulation that governs firms active in the bloc. It came into effect in 2018.

Meta used a mechanism called standard contractual clauses to transfer personal data in and out of the EU. This was not blocked by any court of the EU. The Irish data watchdog said that the clauses were adopted by the European Commission, the EU’s executive arm, in conjunction with other measures implemented by Meta. However, the regulator said these arrangements “did not address the risks to the fundamental rights and freedoms of data subjects that were identified” by the European Court of Justice.

READ ALSO:  SEC commissioner breaks with SEC, Gensler on crypto regulation

Ireland’s Data Protection Commission also told Meta to “suspend any future transfer of personal data to the US within the period of five months” from the decision.

The 1.2 billion euro punishment for Meta is the highest any company has ever been fined for breaching GDPR. The previous largest fine was a 746 million euros charge for e-commerce giant Amazon for breaching GDPR in 2021.

READ ALSO:  Palantir hospital operations platform accounts for 10% of revenue

Facebook said it would appeal the decision and the fine.

The Meta case will likely put focus back on the EU and Washington’s push to get a new data transfer mechanism agreed. The U.S. and EU last year “in principle” agreed to a new framework for cross-border data transfers. However, the new pact has not yet come into effect.

Categories

Share This Article
Leave a comment