Meta Platforms, the parent company of Facebook, Instagram, and WhatsApp, has been slapped with a staggering 1.2 billion euro ($1.3 billion) fine by the leading European Union privacy regulator.
The fine was imposed by the Data Protection Commissioner (DPC) in Ireland, following Meta’s transfer of user data to the United States, in violation of a 2020 EU court ruling that invalidated an EU-U.S. data transfer agreement. This fine sets a new record, surpassing the previous highest EU privacy fine of 746 million euros imposed on Amazon.com by Luxembourg in 2021.
The dispute over Meta’s data storage practices traces back a decade when Austrian privacy advocate Max Schrems raised concerns about the risk of U.S. surveillance in light of revelations by former U.S. National Security Agency contractor Edward Snowden.
Meta Platforms has stated that it intends to appeal the ruling, including the unjustified and unnecessary fine, which it believes sets a dangerous precedent for numerous other companies. Additionally, Meta plans to seek a court order to halt the suspension of data transfers.
While Meta Platforms expressed confidence that a new agreement facilitating the secure transfer of EU citizens’ personal data to the United States would be fully implemented before the suspension takes effect, it reiterated its previous warning that a disruption could result in the suspension of Facebook services in Europe.
Meta Platforms argued that without the ability to transfer data across borders, the internet risks becoming fragmented into national and regional silos.
In March, the DPC announced that EU and U.S. officials were hopeful that a new data protection framework, agreed upon by Brussels and Washington in March 2022, would be ready by July. The previous two data transfer pacts were invalidated by Europe’s top court, the European Court of Justice, due to concerns regarding U.S. surveillance practices.
Max Schrems expressed skepticism about Meta’s reliance on the new agreement, suggesting that unless U.S. surveillance laws are amended, Meta would likely be required to store EU data within the EU. Max Schrems stated, “In my view, the new deal has maybe a 10 percent chance of not being killed by the CJEU (EU Court of Justice).”
As the lead EU regulator for numerous prominent technology companies, thanks to their European headquarters being located in Ireland, the Irish DPC’s suspension order and subsequent fine of Meta could set a precedent for other firms. The DPC has now fined Meta a total of 2.5 billion euros for violations under the General Data Protection Regulation (GDPR) introduced in 2018.
Initially, the DPC did not propose imposing a fine alongside the suspension order. However, following disagreement from four other EU supervisory authorities, the record-breaking fine was added after a ruling by the European Data Protection Board (EDPB). The Irish regulator has fined Meta more than any other tech company and currently has ten ongoing investigations into the social media conglomerate’s platforms.