Meta Platforms Inc., the owner of Facebook, has been hit with a record-breaking fine of €1.2 billion ($1.3 billion) by the European Union (EU) for violating privacy regulations. In addition to the fine, Meta has been given a deadline to cease transferring users’ data to the United States (US) after failing to adequately protect personal information from American security services, as stated by regulators.
The Irish Data Protection Commission, responsible for overseeing data protection in the EU, declared that Meta’s data transfers to the US did not address the potential risks to individuals’ fundamental rights and freedoms.
Surpassing The Previous Fines
The imposed penalty surpasses the previous record privacy fine of €746 million imposed on Amazon.com Inc. by the EU. Furthermore, Meta has been granted five months to suspend any future transfer of personal data to the US and six months to halt the unlawful processing and storage of transferred personal EU data in the US.
While the ban on data transfers was expected, it is likely to have a reduced impact due to the transitional phase and the potential for a new EU-US data flows agreement, which could be operational by mid-year.
This development is part of a long-standing legal battle that has placed Facebook and numerous other companies in legal limbo. In 2020, the EU’s highest court invalidated an EU-US pact governing transatlantic data flows, citing concerns over the safety of citizens’ data once it reached US servers. Although the court did not strike down an alternative mechanism based on contractual clauses, doubts regarding data protection in the US led to an interim order from the Irish authority, instructing Facebook to cease transferring data to the US using this alternative method.
Meta Slammed With a Record $1.3 Billion Fine for Breaching EU Regulations
Meta Making Its Intentions Clear
Meta has expressed its intention to appeal the Irish decision, labeling it as “flawed” and “unjustified.” The company plans to seek an immediate suspension of the banning orders, claiming that they would harm the millions of people who use Facebook daily.
The restrictions on data transfers risk fragmenting the internet into national and regional partitions, hindering the global economy and limiting access to shared services for citizens in different countries, according to Meta’s President of Global Affairs, Nick Clegg, and Chief Legal Officer, Jennifer Newstead.
The Privacy Shield Agreement
In December, EU regulators proposed a replacement for the previous “Privacy Shield” agreement, which was invalidated by the EU’s Court of Justice. Negotiations with the US resulted in an executive order from President Joe Biden and US commitments to ensure the safety of EU citizens’ data during transatlantic transfers.
A Mere Coincidence
The timing of Meta’s crackdown coincides with the fifth anniversary of the EU’s General Data Protection Regulation, which is widely regarded as the global standard for privacy protection. Since May 2018, EU regulators have had the authority to levy fines of up to 4% of a company’s annual revenue for severe violations.
The Irish Data Protection Commission has emerged as the primary privacy regulator for major tech firms with an EU presence, including Meta and Apple Inc.