The Ireland Data Protection Commission (DPC) has fined giant tech company Meta €1.2 Billion for improper handling of user data during transfer betwixt Europe and the United States.
This fine imposed on Meta is the largest ever announced under the General Data Protection Regulation (GDPR) privacy law.
Largest Penalty Fine Ever Announced by DPC
In a groundbreaking decision that sent shockwaves through the tech industry, Meta has been slapped with a record-breaking fine of €1.2 Billion by European Union authorities for violating data transfer regulations.
The European Court of Justice has fined $META a record $1.3 Billion for transferring data to the United States violating GDPR (General Data Protection Regulation)
This is highest anyone has ever been fined for violating GDPR. $AMZN (Amazon) was fined 746 Euro in 2021@Meta intends to appeal pic.twitter.com/M7x5iOLraY
— Finance Results (@FinanceResults) May 22, 2023
The fine will surpass the €746 Million fine levied by the Luxembourg National Commission for Data Protection (CNPD) against Amazon in 2021 as the largest ever for a violation of the EU’s General Data Protection Regulation (GDPR).
This development is a whole lot of setback for the company, highlighting the growing demand for accountability when protecting user data.
The ruling is a direct consequence of the European Court of Justice’s landmark Schrems II judgment, invalidating the EU- United States Privacy Shield framework in July 2020 owing to concerns about mass surveillance and a lack of privacy protection for EU citizens.
The decision effectively prohibited corporations from transferring personal data from the EU to the United States unless they could demonstrate that the data would be adequately protected.
Reports by the Ireland Data Protection Commission (DPC), platforms must secure adequate safeguards for data transfers from the EU to the U.S.
Latest News: Data Protection Commission outlines conclusion of inquiry into Meta Ireland pic.twitter.com/tTgLMlw3sY
— Data Protection Commission Ireland (@DPCIreland) May 22, 2023
The European Data Protection Board (EDPB) found that Facebook violated the GDPR by transferring user data from the EU to the United States without adequate safeguards.
Facebook’s alleged failure to comply with this requirement led to the severe penalty imposed by the EDPB.
The European Data Protection Board reportedly instructed the Irish watchdog to collect “an administrative fine of 1.2 Billion euros” before it imposed the penalty on behalf of European authorities.
Meta to Appeal the Fine
Facebook’s EU operation has 5 months to “suspend any future transfer of personal data to the U.S.” and 6 months to stop processing and storing any personal data of European citizens that was previously transferred to the United States in violation of GDPR.
Reports by Meta, the ruling would be appealed, and there wouldn’t be any immediate service interruptions for Facebook users in the European Union.
Nick Clegg, Meta’s worldwide affairs president, pointed out that this is not just about one company’s privacy policies. Rather, there is a fundamental legal disagreement betwixt European privacy rights and United States Government restrictions on data access.
Today’s @DPCIreland decision is not about one company’s privacy practices – there is a fundamental conflict of law betwixt the United States government’s regulations on access to data & European privacy rights, which policymakers are expected to fix in the summer. See our blog here:…
— Nick Clegg (@nickclegg) May 22, 2023
This is a matter that lawmakers in the United States and European Union are expected to settle in the summer.
A Solution on the Horizon
Without the potential to move data across borders, the internet dangers division into regional and national silos, hindering the worldwide economy and preventing access to essential services for residents from different nations.
Owing to this concern, establishing a strong legal foundation for data transfers betwixt the EU and the United States has long been a top political priority on both sides of the Atlantic.
Meta and other enterprises typically depend on a new data deal betwixt the United States and the EU.
With the new Data Privacy Framework (DPF), EU and United States policymakers are on a clear road to resolving this disagreement.
In March 2022, President Biden and European Commission President Von der Leyen declared that they had reached an agreement on the fundamentals of a new framework to allow the unrestricted flow of transatlantic data.
Policymakers have vowed to swiftly implement the DPF to its full extent on both sides of the Atlantic.
This is great news, as like-minded democracies should work together to advance and preserve the open Internet concept, which is under threat from authoritarian countries.