Meta fined record $1.3 billion over user data transfers from EU to US

Meta was fined a record 1.2 billion euros ($1.3 billion) by European privacy regulators for transferring user data from the EU to the US United

The ruling relates to a case brought by Australian privacy campaigner Max Schrems who argued that the framework for transferring EU citizens’ data to America did not protect Europeans from US surveillance. .

Several mechanisms for the legal transfer of personal data between the United States and the EU have been challenged. The latest such iteration, Privacy Shield, was struck down by the European Court of Justice, the EU’s highest court, in 2020.

The Irish Data Protection Commission, which carried out Meta operations overseas in the EU, alleged that the company breached the bloc’s General Data Protection Regulation (GDPR) when it continued to send the personal data of EU citizens in the US despite the 2020 EU court ruling.

The GDPR is the EU’s flagship data protection regulation that governs businesses operating in the bloc. It entered into force in 2018.

Meta has used a mechanism called Standard Contractual Clauses to transfer personal data within and outside the EU. This has not been blocked by any EU court. Ireland’s data watchdog said the clauses were adopted by the European Commission, the executive arm of the EU, in conjunction with other measures implemented by Meta. However, the regulator said these provisions “do not address the risks to the fundamental rights and freedoms of data subjects which have been identified” by the European Court of Justice.

The Irish Data Protection Commission also asked Meta to “suspend any future transfers of personal data to the United States within five months” of the decision.

The fine of 1.2 billion euros imposed on Meta is the highest ever imposed on a company for violating the GDPR. The previous highest fine was a €746 million fine for e-commerce giant Amazon for breaching GDPR in 2021.

Meta said he would appeal the decision and the fine.

The Meta case will likely re-emphasize EU and Washington efforts to secure a new data transfer mechanism. Last year, the US and EU agreed “in principle” on a new framework for cross-border data transfers. However, the new pact has not yet entered into force.