The EU has today imposed a fine on Meta amounting to 1.2 billion euros ($1.3 billion).
Record fine by the EU; Image: Engadget
Meta has been hit with a record fine of 1.2 billion euros by European data protection authorities. The accusation revolves around the unauthorized transfer of EU citizen data to the United States.
The decision stems from a lawsuit filed by Australian privacy activist Max Schrems, who argued that the mechanism for transferring EU citizen data to the US does not adequately protect Europeans from US surveillance.
Various mechanisms for legally transferring personal data between the US and the EU have faced challenges. The latest iteration, Privacy Shield, was invalidated by the European Court of Justice, the highest court in the EU, in 2020.
The Irish Data Protection Commission, responsible for overseeing Meta's operations in the EU, alleges that the company violated the EU's General Data Protection Regulation (GDPR) by continuing to send the personal data of European citizens to the US despite the European Court of Justice's ruling in 2020.
Meta utilized a mechanism called standard contractual clauses to transfer personal data into and out of the EU. This mechanism was not blocked by any EU court. However, the Irish data watchdog concluded that these clauses, along with other measures implemented by Meta, did not adequately address the risks to the fundamental rights and freedoms of data subjects identified by the European Court of Justice.
The 1.2 billion euro fine imposed on Meta is the largest ever imposed for a GDPR violation. The previous highest fine was a 746 million euro penalty levied against e-commerce giant Amazon for breaching the GDPR in 2021.
Meta intends to appeal the decision and the fine. The company is hopeful that the new data privacy agreement between the US and the EU, agreed upon in principle last year, will come into effect before the deadlines set by the Irish regulatory authority, thereby avoiding any disruptions or impact on users.