Facebook parent company Meta has been slammed with a record-breaking $1.3 billion fine by EU data regulators and has been ordered to stop transferring the Facebook data of EU citizens to the US.
Ireland’s Data Protection Commission (DPC) issued the ruling, stating that the existing legal framework for transferring data to the US failed to adequately address the risks to the fundamental rights and freedoms of Facebook’s EU users, thus violating General Data Protection Regulation (GDPR).
The imposed fine surpasses the previous EU record of €746 million imposed on Amazon in 2021 for comparable privacy violations.
Janine Regan, Legal Director for Data Protection at City law firm, Charles Russell Speechlys said, “This fine concerns some of the most legally complex issues that data privacy practitioners have ever had to tackle. The level of the fine is staggering particularly because it’s not an issue that any one company can resolve on its own and given that there is political agreement on both sides of the Atlantic to solve the issue.
“It’s likely that an alternative transfer mechanism will be ready over the summer so that Meta does not have to completely suspend transatlantic transfers, but this will be little consolation for a company facing such a record-breaking fine,” added Regan.
Meta says it will appeal
After the fine, Meta didn’t take long to put out a blog post stating its intention to appeal and calling the decision “unjustified and unnecessary.
“We are appealing these decisions and will immediately seek a stay with the courts who can pause the implementation deadlines, given the harm that these orders would cause, including to the millions of people who use Facebook every day,” Meta wrote.
The transfer of data to the US is crucial for Meta’s extensive ad-targeting activities, as it involves processing various streams of personal data from its users. Meta stated last year that it would have to contemplate the possibility of closing down Facebook and Instagram in the EU if data transfer to the US was not permitted – a warning that EU politicians perceived as an apparent threat.
“Meta cannot just blackmail the EU into giving up its data protection standards,” replied EU lawmaker Axel Voss. “Leaving the EU would be their loss.”
Jason Bell, founder at AI specialists, Synthetica Data says, “The EU’s fine, while large, is not the full amount it could have charged Meta. It’s only 1.03% on the $116bn USD revenues for 2022. Maximum fines of 4% could have been imposed sending a very clear signal to companies but also a reminder to artificial intelligence companies that the same could happen to them with the upcoming AI regulation bill.”
Despite the order for Meta to halt data transfers, certain conditions favour the metaverse company. Firstly, the ruling solely pertains to Facebook’s data, excluding other Meta entities such as Instagram and WhatsApp. Secondly, Meta has a five-month grace period to cease future transfers and a six-month deadline to halt the retention of existing data in the US.
Lastly, negotiations between the EU and the US for a new data transfer agreement are underway and could be implemented as early as this summer or as late as October.