Facebook’s Parent Company Meta Fined €1.2bn for Data Breach

The Ireland Data Protection Commission (DPC) has fined giant tech company Meta €1.2 billion for improper handling of user data during transfer between Europe and the United States.

This fine imposed on Meta is the largest ever issued under the General Data Protection Regulation (GDPR) privacy law.

Largest Penalty Fine Ever Issued by DPC

In a groundbreaking decision that sent shockwaves through the tech industry, Meta has been slapped with a record-breaking fine of €1.2 billion by European Union authorities for violating data transfer regulations.

The European Court of Justice has fined $META a record $1.3 Billion for transferring data to the US violating GDPR (General Data Protection Regulation)

This is highest anyone has ever been fined for violating GDPR. $AMZN (Amazon) was fined 746 Euro in 2021@Meta plans to appeal pic.twitter.com/M7x5iOLraY

— Finance Results (@FinanceResults) May 22, 2023

The fine will surpass the €746 million fine levied by the Luxembourg National Commission for Data Protection (CNPD) against Amazon in 2021 as the largest ever for a violation of the EU’s General Data Protection Regulation (GDPR).

This development is a significant setback for the company, highlighting the growing demand for accountability when protecting user data.

The ruling is a direct consequence of the European Court of Justice’s landmark Schrems II judgment, invalidating the EU-US Privacy Shield framework in July 2020 due to concerns about mass surveillance and a lack of privacy protection for EU citizens.

The decision effectively prohibited companies from transferring personal data from the EU to the U.S. unless they could demonstrate that the data would be adequately protected.

According to the Ireland Data Protection Commission (DPC), platforms must ensure adequate safeguards for data transfers from the EU to the U.S.

Latest News: Data Protection Commission announces conclusion of inquiry into Meta Ireland https://t.co/fFcppEOCFT pic.twitter.com/tTgLMlw3sY

— Data Protection Commission Ireland (@DPCIreland) May 22, 2023

The European Data Protection Board (EDPB) found that Facebook violated the GDPR by transferring user data from the EU to the United States without adequate safeguards.

Facebook’s alleged failure to comply with this requirement led to the severe penalty imposed by the EDPB.

The European Data Protection Board reportedly instructed the Irish watchdog to collect “an administrative fine of 1.2 billion euros” before it imposed the penalty on behalf of European authorities.

Meta to Appeal the Fine

Facebook’s EU operation has five months to “suspend any future transfer of personal data to the U.S.” and six months to stop processing and storing any personal data of European citizens that was previously transferred to the U.S. in violation of GDPR.

According to Meta, the ruling would be appealed, and there wouldn’t be any immediate service interruptions for Facebook users in the European Union.

Nick Clegg, Meta’s global affairs president, noted that this is not just about one company’s privacy policies. Rather, there is a fundamental legal disagreement between European privacy rights and U.S. government restrictions on data access.

Today’s @DPCIreland decision is not about one company’s privacy practices – there is a fundamental conflict of law between the US government’s rules on access to data & European privacy rights, which policymakers are expected to resolve in the summer. See our blog here:…

— Nick Clegg (@nickclegg) May 22, 2023

This is a matter that lawmakers in the United States and European Union are expected to settle in the summer.

A Solution on the Horizon

Without the ability to move data across borders, the internet risks division into regional and national silos, hindering the global economy and preventing access to essential services for residents from different nations.

Due to this concern, establishing a strong legal foundation for data transfers between the EU and the U.S. has long been a top political priority on both sides of the Atlantic.

Meta and other businesses typically depend on a new data deal between the U.S. and the EU.

With the new Data Privacy Framework (DPF), EU and U.S. policymakers are on a clear road to resolving this disagreement.

In March 2022, President Biden and European Commission President Von der Leyen declared that they had reached an agreement on the fundamentals of a new framework to allow the unrestricted flow of transatlantic data.

Policymakers have vowed to swiftly implement the DPF to its full extent on both sides of the Atlantic.

This is great news, as like-minded democracies should work together to advance and preserve the open Internet concept, which is under threat from authoritarian countries.

Related News

• Meta To Start Laying Off Employees Next Week In Latest Round Of Layoffs
• Meta’s AI Records Significant Growth in Digital Ad and Annual Revenue
• Apple Bans ChatGPT Use For Employees Due To Fear Over Data Leaks