An Irish division of Meta was fined $1.3 billion for transferring EU-based users’ data to the United States, the largest penalty in the history of European data privacy law.
Meta Platforms Ireland Limited (Meta IE) was fined under the General Data Protection Regulation (GDPR), announced in a press release by the European Data Protection Board (EDPB). The fine was leveled on the grounds that the company keeps transferring EU citizens’ personal data to the U.S. in violation of privacy regulations.
“The EDPB found that Meta IE’s infringement is very serious since it concerns transfers that are systematic, repetitive and continuous,” EDPB Chair Andrea Jelinek said. “Facebook has millions of users in Europe, so the volume of personal data transferred is massive. The unprecedented fine is a strong signal to organisations that serious infringements have far-reaching consequences.”
Beyond the monetary punishment, Meta has also been ordered to “bring processing operations into compliance with Chapter V GDPR, by ceasing the unlawful processing, including storage, in the U.S. of personal data of European users transferred in violation of the GDPR.”
Meta announced it will appeal the ruling, arguing that the situation is not about its own corporate practices but rather, the gap between U.S. government data access rules and EU privacy rights.
“This decision is flawed, unjustified and sets a dangerous precedent for the countless other companies transferring data between the EU and US,” said the post, penned by Meta’s president of global affairs Nick Clegg.
Clegg’s post noted that “there will be no suspension of the transfers or other action required of Meta, such as a requirement to delete EU data subjects’ data once the underlying conflict of law has been resolved.” Citing the EU and U.S.’ Data Privacy Framework (DPF) agreement, Meta’s statement said that so long as the DPF comes into effect before the company is forced to comply with the EDPB’s orders, then there won’t be disruptions for EU Facebook users. What happens if the DPF doesn’t come into effect in time wasn’t explicitly outlined.
Meta did not respond to TheWrap’s request for comment.
