META Slapped with $1.3 Billion Fine for Violating EU Data Transfer Rules
The European Union (EU) has imposed a privacy fine of $1.3 billion on Meta Inc. for failing to adhere to the bloc’s stringent
META Slapped with $1.3 Billion Fine for Violating EU Data Transfer Rules
The European Union (EU) has imposed a privacy fine of $1.3 billion on Meta Inc. for failing to adhere to the bloc’s stringent privacy rules, in the latest severe financial penalty.
The ruling was issued by the Irish Data Protection Commission (DPC), Meta’s chief regulator in the EU, as the company’s regional headquarter is located in Dublin.
The amount has been recorded to be the largest fine issued under the European Union’s General Data Protection Regulation, surpassing Amazon’s 746 million euro fine in 2021 for data protection violations.
The Irish DPC said its probe into Meta found that the company failed to address the risks to ‘the fundamental rights and freedoms’ of EU citizens whose data it was transferring to the U.S.
Beside the fine, the regulator has ordered Meta to suspend ‘any future transfer of personal data’ to the U.S. within the next five months.
Meta also has been given six months to stop the ‘unlawful processing’ and storage of personal data of EU residents in the U.S.
The brief background of the case is that in 2020, the European Court of Justice canceled a data flow agreement between the U.S. and the EU due to concerns over the surveillance practices of U.S. law enforcement and intelligence agencies.
Following which, the U.S. tech giants started relying on alternate methods to transfer data, including something called standard contractual clauses (SCCs).
The Irish privacy watchdog was of the considered view that Meta’s use of a legal instrument known as standard contractual clauses (SCCs) to move data to the U.S.
Thereafter, the DPC’s investigation, found that Meta’s use of the SCCs failed to mitigate the risks identified by the European Top Court’s ruling, that data shipped across the Atlantic was not sufficiently protected from the US spy agencies.
In its statement, the DPC said it disagreed with the fine imposed on Meta, but it was enforced to go ahead with it due to a decision passed by the pan-EU European Data Protection Board (EDPB).
Subsequently, the EDPB’s intervention came after the DPC’s original ruling in the case, which only suspended Facebook’s data flows faced opposition from four other national regulators in the bloc, who demanded a monetary fine.