Meta has been fined 1.2 billion euros by the European Union and ordered to suspend transfers of user data to the United States, the largest EU fine ever imposed on a major tech company for privacy violations.
Ireland’s Data Protection Commission, which oversees the General Data Protection Regulation, fined Meta on Monday, saying Facebook had breached its rules requiring platforms to ensure data transfers from Europe to the United States have appropriate safeguards.
Instead, the DPC found that the platform’s EU-US data flow relied on contractual clauses that “did not address risks to users’ fundamental rights and freedoms,” despite an earlier EU court ruling ordering it to better protect users from intrusive US surveillance programs. personal information.
The EU slapped a record fine for privacy violations after Luxembourg regulators imposed 746 million euros in sanctions on Amazon in 2021.
According to the DPC, Facebook’s operations in the EU have five more months to “suspend any future transfers of personal data to the US” and six months to cease processing (including storing) the personal data of any European citizens previously transferred to the US The information violates the GDPR.
“We are . . . disappointed to be singled out using the same legal mechanisms as thousands of other companies looking to offer their services in Europe,” said Nick Clegg, Meta’s president of global affairs.
“This decision is flawed, unreasonable and sets a dangerous precedent for countless other companies transferring data between the EU and the US,” he added.
The fine comes as Meta, which has a market value of $630 billion, is battling a slump in the advertising industry amid a broader economic slowdown, prompting several rounds of layoffs from Chief Executive Mark Zuckerberg and a pledge to be “efficient.” year”.
It is the latest in a string of fines around the world for lax privacy protections for the social media giant, including a $5 billion fine from the FTC in 2019 over the Cambridge Analytica scandal.
The Irish watchdog has drawn criticism from privacy activists and other EU data watchdogs for lacking ambition to go after Big Tech, either by imposing fines deemed too small or by not taking cases in the first place.
Irish officials are likely to point to the fine as the latest evidence that the rules are being enforced correctly.
Social media platforms have been struggling since a 2020 ruling by the European Court of Justice found that companies seeking to comply with GDPR could not rely on the previous EU-US Privacy Shield because it did not adequately protect user data from US surveillance.
Meta threatened to withdraw from the EU last year if Ireland’s data protection regulator banned EU-US data flows, which would severely damage its business.
The company is expected to appeal the DPC’s decision, during which time new transatlantic privacy protections could be introduced. In October 2022, US President Joe Biden signed an executive order detailing the steps the White House will take to comply with the new EU-US data privacy framework currently being negotiated.