The leading European Union privacy regulator, Ireland’s Data Protection Commissioner (DPC), has slapped a record 1.2 billion euro ($1.3 billion) fine on Meta Platforms Inc. over its handling of user data, according to a Reuters report.
The Silicon Valley tech giant has been given a five-month deadline to halt all user data transfers to the United States.
This decision was catalyzed by Meta’s ongoing data transfers, defying a 2020 ruling by an EU court that had annulled an EU-U.S. data transfer agreement.
The fine imposed on Meta is the highest EU privacy penalty to date, surpassing the previous record of a 746 million euro fine that was levied on Amazon.com Inc (AMZN.O) by Luxembourg in 2021.
A long-standing conflict has been in place about where Meta’s Facebook stores its user data.
The issue was spotlighted a decade ago, following a lawsuit by Austrian privacy advocate Max Schrems.
His legal challenge spotlighted the potential risk of U.S. surveillance, an issue brought to the forefront by revelations made by former U.S. National Security Agency contractor Edward Snowden, Reuters notes.
Reacting to the decision, Meta expressed its intention to contest the verdict and the “unjustified and unnecessary fine that “sets a dangerous precedent for countless other companies.”
Furthermore, Meta aims to countermand the suspension orders through legal avenues.
The social media titan reassured that a new agreement facilitating the secure transmission of EU citizens’ personal data to the U.S. will likely be in place before the transfers have to be stopped.
Meta previously cautioned that any halt in data transfers could potentially force it to suspend Facebook services in Europe, a scenario that now seems unlikely.
Meta stressed the importance of cross-border data transfers, warning that the absence of such ability would risk fragmenting the internet into national and regional partitions.
“Without the ability to transfer data across borders, the internet risks being carved up into national and regional silos,” said Meta in a statement.
The DPC previously hinted that a new data protection framework, mutually agreed upon by Brussels and Washington in March 2022, might be finalized by July.
However, the European Court of Justice, the highest court in Europe, has dismissed the past two agreements over concerns about U.S. surveillance.
Schrems, who spearheaded the privacy campaign against Meta, expressed skepticism about Meta’s reliance on the new agreement for future data transfers.
“In my view, the new deal has maybe a 10% chance of not being killed by the CJEU (EU Court of Justice). Unless U.S. surveillance laws get fixed, Meta will likely have to keep EU data in the EU,” he commented.
Ireland’s DPC, due to its role as the primary EU regulator for numerous global tech firms whose European headquarters are located in Ireland, has indicated that the suspension order may establish a precedent for other companies.
Since the inception of the General Data Protection Regulation (GDPR) in 2018, the DPC has imposed fines totaling 2.5 billion euros on Meta for violations, according to Reuters.
Initially, the DPC had no plans to pair a fine with the suspension order, but after objections from four other EU supervising authorities, a record fine was appended following a directive from the European Data Protection Board (EDPB).
The DPC, having fined Meta more than any other tech company, currently has ten more investigations underway into the social media conglomerate’s platforms.