Meta fined $1.3 billion by EU for privacy violations

Posted On 23 May 2023
Comment: Off

Meta has five months to put in place measures to halt future data transfers and six months to end U.S. storage of the data it already has.

Meta has been hit with a record $1.3 billion fine by the European Union for breaching data transfer laws.

What happened. Facebook transferred the data of EU citizens to the U.S., violating the EU’s General Data Protection Regulation (GDPR), according to the Irish Data Protection Commission. Meta’s European headquarters are in Dublin.

What the ruling means for Meta. Meta has been given five months to stop future transfers of personal data to the U.S. and six months to cease unlawful processing and storage of EU/EEA users’ data in the U.S., according to the ruling.

Why we care. If the ruling is put in place, Facebook would have to delete a huge amount of data and restructure its IT systems at a very fundamental level. It also would have enormous implications for any company transferring data between the two areas.

By the numbers. May 25 will be the fifth anniversary of GDPR, and Privacy Affairs has been tracking the fines – all 1,701 of them, for a grand total of over $4 billion:

  • Meta accounts for over 50% of all GDPR fines – the company has amassed $2.5 billion in penalties.
  • Meta has been fined seven times – including four just in 2022.
  • By comparison, Amazon and Google have combined for more than $800 million in GDPR fines.

Only Facebook. The decision applies only to Facebook and not other Meta-owned platforms (e.g., Instagram).

What Meta is saying. The company plans to appeal, Nick Clegg, Meta’s president of global affairs, and Jennifer Newstead, its chief legal officer, said in a statement:

  • “This decision is flawed, unjustified and sets a dangerous precedent for the countless other companies transferring data between the EU and U.S.”

A conflict of laws. The best hope for staying the ruling is a new data transfer treaty between the U.S. and the EU.

Until 2020, these transfers were protected by the Privacy Shield treaty between the two governments. That year the EU’s highest court invalidated the treaty by ruling it did not sufficiently protect EU citizens’ data from American spy agencies.

Negotiations have been underway since the high court’s ruling. Last year, President Biden and Ursula von der Leyen, the president of the European Union, announced the outlines of a deal, but the details are still being hammered out.

This decision may increase the pressure on the U.S. to get it done. However, the complexity of the issues makes it difficult to move quickly.

About the Author