Visitors take photos in front of the Meta sign at its headquarters in Menlo Park, California on December 29, 2022.
Tayfun Coskun | Anadolu Agency | Getty Images
Meta was fined a record 1.2 billion euros ($1.3 billion) by European privacy regulators for transferring user data from the EU to the US United
The decision relates to a case brought by Austrian privacy activist Max Schrems, who argued that the framework for transferring data from EU citizens to America did not protect Europeans from surveillance. American.
Several mechanisms for the legal transfer of personal data between the United States and the EU have been challenged. The latest such iteration, Privacy Shield, was struck down by the European Court of Justice, the EU’s highest court, in 2020.
The Irish Data Protection Commission which oversees Meta’s operations in the EU has alleged that the company breached the bloc’s General Data Protection Regulation when it continued to send EU citizens’ personal data to the US. despite the 2020 European court ruling.
The GDPR is the EU’s flagship data protection regulation that governs businesses operating in the bloc. It entered into force in 2018.
Meta has used a mechanism called Standard Contractual Clauses to transfer personal data within and outside the EU. This has not been blocked by any EU court. Ireland’s data watchdog said the clauses were adopted by the European Commission, the executive arm of the EU, in conjunction with other measures implemented by Meta. However, the regulator said these provisions “do not address the risks to the fundamental rights and freedoms of data subjects which have been identified” by the European Court of Justice.
The Irish Data Protection Commission also asked Meta to “suspend any future transfers of personal data to the United States within five months” of the decision.
The fine of 1.2 billion euros imposed on Meta is the highest ever imposed on a company for violating the GDPR. The previous highest fine was a fine of 746 million euros for the e-commerce giant Amazon for GDPR violation in 2021.
Meta plans to appeal
Meta said he would appeal the decision and the fine.
“We are appealing these decisions and will immediately seek a stay with the courts which may suspend implementation deadlines, given the harm these orders would cause, including to the millions of people who use Facebook every day,” Nick said. Clegg, president of Meta. global affairs, and Jennifer Newstead, the company’s chief legal officer, said in a blog post Monday.
The Meta case has refocused efforts by the EU and Washington to secure a new data transfer mechanism. The USA and the EU last year “in principle” agreed on a new framework for cross-border data transfers. However, the new pact has not yet entered into force.
Meta hopes that this data privacy agreement between the EU and the US will be in place before the Irish regulator’s deadlines are put in place.
If the new framework “takes effect before the implementation deadlines expire, our services can continue as they do today without any disruption or impact to users,” Clegg and Newstead said.
Correction: This story has been updated to reflect Max Schrems’ Austrian nationality.