Meta has been hit with a record-setting $1.3 billion fine from European Union (EU) regulators early Monday and was ordered to stop transferring data on EU residents to the United States.
Ireland’s Data Protection Commission argued that this data transfer to the U.S., where Meta is based, is a violation of the General Data Protection Regulation (GDPR). The issue reaches back all the way to 2013 and whistleblower Edward Snowden’s revelation on how data is handles in the U.S.
Data transfers, not unlike the ones in question now, were previously protected by the transatlantic pact Privacy Shield, as The Verge reports. However, a 2020 ruling found that it lacked adequate protections due to the mass surveillance conducted in the U.S. by organizations like the NSA (which came to light thanks to Snowden).
Now, Irish regulators maintain that the changes Meta Ireland made “did not address the risks to the fundamental rights and freedoms of data subjects that were identified by the [The Court of Justice of the European Union] in its judgment.”
“Unless U.S. surveillance laws get fixed, Meta will have to fundamentally restructure its systems,” Max Schrems, who won the suit bringing about the 2020 ruling, said in a statement on Monday, according to The New York Times.
The Verge notes, however, that the EU and U.S. are working on a new deal relating to transfer data “that could be in place as early as this summer and as late as October.”
This latest ruling applies only to Facebook and not any other Meta-owned companies like Instagram or WhatsApp. Further, Meta has a five-month grace period to come into compliance. Within six months, Facebook must cease processing and storage of personal data on EU citizens that was transferred in violation of GDPR.
Still, the €1.2 billion (about $1.3 billion) fine is a record-breaking one, beating out another issued to Amazon for €746 million in 2021. Amazon’s fine was for similar privacy concerns.
However, Meta said in a release that it will appeal the ruling and called the fine “unjustified and unnecessary.” It went so far as to say it was being singled out in the conflict between U.S. date laws and European privacy rights, saying Meta is “using the same legal mechanism as thousands of other companies looking to provide services in Europe.” The company added there would be no immediate disruption in service to Facebook in Europe.
Image credits: Header photo licensed via Depositphotos.