Meta, formerly known as Facebook, has been hit with a record-breaking 1.2 billion euro ($1.3 billion) fine by the Data Protection Commissioner (DPC) in Ireland, the company’s lead privacy regulator in the European Union. The fine is a result of Meta’s mishandling of user information and its continued transfer of personal data to the United States. This penalty surpasses the previous record EU privacy fine imposed on Amazon Inc by Luxembourg in 2021.
— Data Protection Commission Ireland (@DPCIreland) May 22, 2023
The DPC’s Ruling
The DPC’s decision to impose such a substantial fine on Meta is centered around the company’s failure to cease the transfer of user data to the United States. Meta has been given a five-month deadline to rectify this issue. The ruling comes as a culmination of a decade-long battle that started when Austrian privacy campaigner Max Schrems challenged Facebook’s data storage practices, citing concerns over U.S. surveillance following revelations by former National Security Agency contractor Edward Snowden.
Meta has swiftly responded to the ruling, expressing its intention to appeal the decision and contest the “unjustified and unnecessary fine.” The company plans to seek a stay of the orders through the courts, hoping to halt the enforcement of the penalties while the legal process unfolds. Meta is determined to defend its data transfer practices and ensure its ability to continue providing services to European users.
Meta’s expectation was that a new agreement facilitating the safe transfer of EU citizens’ personal data to the United States would be fully implemented before the deadline, thereby avoiding the need to suspend transfers.
This agreement, a data protection framework negotiated between the EU and the U.S. government in March 2022, holds the potential to resolve the ongoing dispute. However, Meta has cautioned that there is a possibility the framework may not be ready in time, potentially disrupting its operations in Europe.