Meta fined $1.3 billion for transferring EU user data to US

  • Meta has been fined 1.2 billion euros ($1.3 billion) by European privacy regulators for transferring EU user data to the United States.
  • The Irish data protection authority told Meta to suspend “future transfers of personal data” to the US.
  • Facebook said it will appeal the ruling and fine.

Visitors take a photo in front of the Meta sign at its headquarters in Menlo Park, California on December 29, 2022.

Tayfun Coskun | Anadolu Agency | Good pictures

Meta has been fined 1.2 billion euros ($1.3 billion) by European privacy regulators for transferring EU user data to the United States.

The decision is linked back to a lawsuit brought by Austrian privacy campaigner Max Schrems, who argued that the framework for transferring EU citizens’ data to the US did not protect Europeans from US surveillance.

Several mechanisms for the legal transfer of personal data are competing between the US and the EU. The latest such iteration, the Privacy Shield, was struck down in 2020 by the European Court of Justice, the EU’s highest court.

The Irish data protection authority accused the company of breaching the group’s General Data Protection Regulation (GDPR) when it continued to send personal data of European citizens to the US in defiance of a 2020 European Court ruling.

GDPR is the European Union’s main data protection regulation that governs companies operating across the board. It came into effect in 2018.

Meta used a mechanism known as Standard Contractual Clauses to transfer personal data in and out of the EU. No court in the EU has blocked this. The Irish data watchdog said the clauses were adopted by the European Commission, the EU’s executive arm, along with other measures implemented by Meta. However, the regulator said these arrangements did not address the risks to data subjects’ fundamental rights and freedoms identified by the European Court of Justice.

See also  EU warns against unilateral action after Poland, Hungary ban Ukrainian grain

Ireland’s data protection authority also told Meta it would “suspend future transfers of personal data to the US for a period of five months”.

Meta was fined €1.2 billion for violating the GDPR. In 2021, e-commerce giant Amazon was fined €746 million for GDPR violations.

Meta said it will appeal the verdict and the fine.

“We are appealing these decisions and will immediately stop the courts from suspending the enforcement deadline given the harm these orders will cause, including to the millions of people who use Facebook every day,” said Nick Clegg. Jennifer Newstead, the company’s chief legal officer of global affairs, said in a blog post on Monday.

The Meta case has refocused the EU and Washington’s efforts to agree a new data exchange mechanism. The US and EU agreed last year “in principle” to a new framework for cross-border data transfers. However, the new agreement is yet to come into effect.

Meta hopes that this EU-US data privacy agreement will be established before the Irish regulator’s deadline.

If the new framework “comes into effect before the implementation deadline expires, our services can continue as they do today without any disruption or impact on users,” Clegg and Newstead said.

Correction: This story has been updated to reflect Max Schrems’ Austrian citizenship.

Leave a Reply

Your email address will not be published. Required fields are marked *