Facebook parent company Meta Platforms has been hit with a record €1.2 billion ($1.3 billion) fine after it was found to have transferred the data belonging to users in Europe to servers it maintains in the US.
The Irish Data Protection Commission, which regulates Meta’s EU operations, has found that the tech firm violated the bloc’s General Data Protection Regulation (GDPR) by forwarding the data of EU citizens to the US in spite of a 2020 European court ruling forbidding it from doing so.
On Monday, the privacy regulator stated the the use by Meta of a legal instrument called a standard contractual clause (SCC), to transport data to the US “did not address the risks to the fundamental rights and freedoms” of users of Facebook in Europe which had been raised by a landmark ruling from the top court in Europe.
In a 2020 ruling, the European Court of Justice implemented an EU-US data flows agreement called the Privacy Shield, following fears American intelligence services were engaging in surveillance of EU users. The ruling also tightened the requirements around the use of SCCs, which had until then been a widely employed practice used by companies seeking to transfer personal data about their users to the US.
In its new ruling, the Irish Data Protection Commission told Meta on Monday to “suspend any future transfer of personal data to the US within the period of five months” from the decision.
At $1.3 billion, the fine is the largest penalty ever levied against a company for a violation of the GDPR privacy law. Previously online retailer Amazon had been fined €746 million after it was found to have violated data-processing regulations in 2021.
Meta has said it intends to appeal the decision and the fine.
Sir Nick Clegg, Meta’s president of global affairs, and Jennifer Newstead, chief legal officer at the company issued a statement on Monday, saying, “We are appealing these decisions and will immediately seek a stay with the courts who can pause the implementation deadlines, given the harm that these orders would cause, including to the millions of people who use Facebook every day.”
A new data flow agreement is presently in the works between the EU and the US, with it expected to be released sometime between July and October. Meta was given until October 12th, to cease the use of SCCs to transfer data.
The company has warned that if it is denied the use of SCCs, and lacks any alternative data flow deal, it may be forced to close down its services in Europe, such as Facebook and Instagram.
