Meta has been fined a record 1.2 billion euros ($1.3 billion) by European privacy regulators for transferring EU user data to the United States.
The decision is linked to a lawsuit brought by . Austrian privacy campaigner Max Schrems . Who argued that the framework for transferring EU citizens’ data to . America does not protect Europeans from US surveillance.
Several mechanisms have been contested to transfer personal data between the US and the EU. The most recent such iteration. The Privacy Shield, was withdrawn in 2020 by the European Court of Justice, the EU’s top court.
The Irish Data Protection Commission, which operates Meta overseas in the EU, alleged that the company breached . The bloc’s General Data Protection Regulation (GDPR). when it continued to send European citizens’ personal data to the US despite a 2020 European Court ruling.
GDPR is the EU’s landmark data protection regulation that governs companies active in the bloc. It came into effect in 2018.
Meta used a mechanism called Standard Contractual Clauses to transfer personal data in and out of the European Union. It has not been blocked by any EU court. The Irish data watchdog said the clauses were adopted by . The European Commission, the EU’s executive arm, in conjunction with other measures implemented by Meta. But, the regulator said the measures “did not address the risks to the fundamental rights and freedoms of data subjects identified by. The European Court of Justice”.
Ireland’s Data Protection Commission also asked Meta to “suspend future transfers of personal data to . The US for five months” after the decision.
The previous largest fine was a 746 million euro charge for e-commerce giant Amazon for GDPR violations in 2021.
Meta said it would appeal the decision and fine.
“We are appealing these decisions and will immediately seek a stay from the courts that could delay . The implementation period, as these orders could cause harm to the millions of people who use Facebook every day,” said Nick Clegg. Meta president of global affairs, and Jennifer Newstead. The company’s chief legal officer, said in a blog post on Monday.
The Meta case has put the focus back on the EU and Washington’s push to agree a new data transfer mechanism. The US and EU last year agreed “in principle” to a new framework for cross-border data transfers. But, the new agreement has not yet come into force.
Meta hopes that this EU-U.S. Data privacy agreements are put in place before . The Irish regulator’s deadline comes into effect.
. Our services can continue as they do today without any disruption or impact to users,” Clegg and Newsted said.