The penalty issued by Ireland’s privacy regulator sets a new record for violating EU data protection regulations.
Meta, the owner of Facebook, faces a historic €1.2bn (£1bn) fine and has been instructed to halt the transfer of user data from the EU to the US. The penalty, issued by the Irish Data Protection Commission (DPC) responsible for overseeing Meta in the EU, sets a new record for violating the General Data Protection Regulation (GDPR) of the bloc. The suspension of data transfers by Facebook is not immediate, with Meta granted a five-month timeframe to implement the directive.
The penalty from the DPC is connected to a legal dispute initiated by Max Schrems, an Austrian privacy activist. The concern stems from the Edward Snowden disclosures, raising doubts about the adequacy of protection for European users’ data against US intelligence agencies during transatlantic transfers. It’s worth noting that the ruling does not affect data transfers on Meta’s other prominent platforms, namely Instagram and WhatsApp.
According to the DPC, Meta violated the GDPR by persisting in transferring EU user data to the US, disregarding a previous ruling by the European Court of Justice that demanded robust protection for such information. The regulatory body asserted that Facebook’s employment of standard contractual clauses for data transfers failed to adequately address the risks to individuals’ fundamental rights and freedoms, as highlighted in the court’s judgment.
In response, Meta claimed that it had been unfairly targeted by the DPC, considering that numerous other businesses employ the same data transfer mechanism.
The DPC expressed its divergence from other EU regulators regarding the penalty for Meta, leading to the intervention of the European Data Protection Board, consisting of data protection authorities from across the EU. Their involvement aimed to determine whether a fine should be imposed.
