Meta, the owner of Facebook, has been sanctioned with a staggering fine of 1.2 billion euros ($1.3 billion) for unlawfully transferring user data from the European Union (EU) to the United States. The Irish Data Protection Commission (DPC), acting on behalf of the EU, announced this record penalty on Monday, citing a breach of a previous court ruling.
The investigation into Meta Ireland’s data transfer practices commenced in 2020, focusing on the transfer of personal data from the EU to the United States. The DPC, headquartered in Dublin, found that Meta had failed to address the risks to individuals’ fundamental rights and freedoms, as previously identified by the Court of Justice of the European Union (CJEU).
As the DPC failed to reach a consensus, it referred the matter to the European Data Protection Board (EDPB), which subsequently ordered Meta Ireland to halt future transfers of personal data to the United States and pay a substantial fine of 1.2 billion euros.
Reacting to the EDPB’s decision, Nick Clegg and Jennifer Newstead from Meta expressed their concerns, emphasizing that the ruling raised significant questions. They pointed out that the United States has made substantial efforts to align with European rules through recent reforms. They also highlighted the continuation of data transfers to countries like China, which face fewer challenges.
This is not the first time that Meta has faced severe penalties from EU regulators. In addition to the recent fine, Meta has already been hit with fines in the hundreds of millions of euros for data breaches related to its Instagram, WhatsApp, and Facebook services. In fact, this is the third fine Meta has received in the EU this year alone, and the fourth in just six months.
The EU’s General Data Protection Regulation (GDPR) has been instrumental in holding tech giants accountable for their data practices. In 2021, Amazon, another major player in the tech industry, was fined 746 million euros in Luxembourg for violating the GDPR.
The imposition of this massive fine on Meta underscores the EU’s commitment to safeguarding the privacy and data protection rights of its citizens. It also sends a clear message to tech companies that compliance with data protection regulations is non-negotiable, regardless of their size or influence.