New Delhi: Meta (META.O) has been slapped with a historic 1.2 billion euro ($1.3 billion) fine by the European Union’s leading privacy regulator, following its mishandling of user information. The Irish Data Protection Commissioner (DPC) imposed the fine after Meta continued to transfer data in violation of a 2020 EU court ruling that invalidated an EU-U.S. data transfer agreement. This penalty surpasses the previous record fine of 746 million euros imposed on Amazon.com Inc (AMZN.O) by Luxembourg in 2021.
The dispute regarding the storage of Meta’s Facebook data began a decade ago when Austrian privacy campaigner Max Schrems raised concerns about the risk of U.S. surveillance following revelations by former U.S. National Security Agency contractor Edward Snowden.
In response to the ruling, Meta released a statement expressing its intention to appeal, citing the unjustified and unnecessary nature of the fine, which it believes sets a dangerous precedent for numerous other companies. Meta also plans to seek a stay of the suspension orders through the courts.
Meta reiterated its expectation that a new agreement enabling the safe transfer of EU citizens’ personal data to the United States would be fully implemented before any suspension of data transfers is necessary. This would nullify the previous warning that a halt in transfers could result in the suspension of Facebook services in Europe. Meta emphasized that without the ability to transfer data across borders, the internet risks becoming fragmented into national and regional silos.
The DPC stated in March that EU and U.S. officials were optimistic that a new data protection framework, agreed upon by Brussels and Washington in March 2022, could be ready for implementation by July. The European Court of Justice, the top court in Europe, invalidated the two prior data transfer agreements due to concerns about U.S. surveillance.
Schrems expressed skepticism about Meta’s reliance on the new agreement for future transfers, suggesting that it is unlikely to provide a permanent solution. He stated, “In my view, the new deal has maybe a 10% chance of not being killed by the CJEU (EU Court of Justice). Unless U.S. surveillance laws get fixed, Meta will likely have to store EU data within the EU.”
The DPC, which serves as the primary EU regulator for many top technology companies due to their European headquarters being located in Ireland, believes that the suspension order against Meta could set a precedent for other firms. The regulator has now fined Meta a total of 2.5 billion euros for breaching the General Data Protection Regulation (GDPR) introduced in 2018.
Initially, the DPC did not propose imposing a fine alongside the suspension order. However, four other EU supervising authorities disagreed, and the record-breaking fine was added following a ruling by the European Data Protection Board (EDPB).
The Irish regulator has levied more fines against Meta than any other tech firm and currently has ten ongoing investigations into the social media company’s platforms.