Facebook parent company Meta has been fined €1.2 billion by the Irish Data Protection Commission (DPC) for breaches relating to the transfer of personal data from the EU to the US.
It is the largest ever EU privacy fine, exceeding the previous record penalty of €746 million which was imposed on Amazon in 2021.
As part of the decision, Meta has been ordered to suspend the transfer of data from the EU to the US and has been given five months to comply.
The company has been given six months to cease the unlawful processing, including storage, in the US of personal data of European users transferred in violation of the General Data Protection Regulation (GDPR).
The decision relates only to Facebook and not Meta's other platforms such as Instagram and WhatsApp.
The ruling follows an investigation by the DPC into the legal tools used by Meta to transfer Facebook user data from the EU to the US.
The tools are known as "standard contractual clauses" and the DPC found that the arrangements did not address the risks to the fundamental rights and freedoms of data subjects.
Meta said it will appeal the decision.
"We will appeal the ruling, including the unjustified and unnecessary fine, and seek a stay of the orders through the courts," the company said in a statement.
Meta said it was disappointed to have been singled out when using the same legal mechanisms as thousands of other companies providing services in Europe.
"This decision is flawed, unjustified and sets a dangerous precedent for the countless other companies transferring data between the EU and US," Meta said.
In its original ruling, the DPC did not recommend a fine, but some of its fellow European data watchdogs disagreed, and ultimately the European Data Protection Board (EDPB) ordered that a fine be imposed.
Meta said this raises serious questions about a regulatory process that enables the EDPB to overrule a lead regulator, disregarding the findings of its multi-year inquiry.
Revelations in 2013 by whistleblower Edward Snowden that US authorities were spying on social media users sparked concerns over the safety of EU user data once it was transferred to the US.
Austrian privacy campaigner Max Schrems filed a legal challenge against Facebook for failing to protect his privacy rights.
Lengthy court battles followed, which ultimately saw the European Court of Justice strike down the 'Privacy Shield' data transfer agreement that had existed between the EU and US.
A new data transfer framework has been agreed between the US and EU and it is expected to be in place later this year.