Business Maverick

Business Maverick

Meta Fined Record €1.2 Billion in EU Over US Data Transfers

Meta Fined Record €1.2 Billion in EU Over US Data Transfers
A sign outside the main entrance of the Meta Platforms Inc. office building in the 'Silicon Docks' area of central Dublin, Ireland, on Monday, Jan. 23, 2023. The Irish government has already been notified of far more potential job losses than have been made public to date, documents seen by Bloomberg News show.

Facebook owner Meta Platforms Inc. was hit by a record €1.2 billion ($1.3 billion) European Union privacy fine and given a deadline to stop shipping users’ data to the US after regulators said it failed to protect personal information from the American security services.

The social network giant’s continued data transfers to the US didn’t address “the risks to the fundamental rights and freedoms” of people whose data was being transfered across the Atlantic, the Irish Data Protection Commission said on Monday.

On top of the fine, which eclipses a €746 million EU privacy penalty previously doled out to Amazon.com Inc., Meta was given five months to “suspend any future transfer of personal data to the US” and six months to stop “the unlawful processing, including storage, in the US” of transferred personal EU data.

Meta Platforms shares advanced 2.8% at 9:55 a.m. in New York, more than quadruple the Russell 3000 Index Computer Services Subsector.

The ban on data transfers was widely expected and once prompted the US firm to threaten a total withdrawal from the EU. Still, the likely impact has now been muted by the transition phase and the prospect of a new EU-US data flows agreement that could already be operational by the middle of this year.

Monday’s decision is the latest round in a long—running saga that eventually saw Facebook and thousands of other companies plunged into a legal vacuum. In 2020, the EU’s top court annulled an EU-US pact regulating transatlantic data flows over fears citizens’ data wasn’t safe once it arrived on US servers. Businesses, large and small, move around vast amounts of information needed for everything from sales and marketing to payroll processing, meaning that legal barriers risked disrupting commerce between the EU and US.

Read More: Meta’s $1.3 Billion EU Fine Could Get Worse: Parmy Olson

While judges didn’t strike down an alternative tool based on contractual clauses, their doubts about American data protection quickly led to a preliminary order from the Irish authority telling Facebook it could no longer move data to the US via this other method either.

EU regulators in December unveiled proposals to replace the previous “Privacy Shield” pact that had been torpedoed by the EU’s Court of Justice. This followed months of negotiations with the US, which yielded an executive order by President Joe Biden and US pledges to ensure that EU citizens’ data is safe once it’s shipped across the Atlantic.

Meta said it would appeal the Irish decision, describing it as “flawed” and “unjustified.” The company also promised to “immediately” seek a suspension of the banning orders, saying they would cause harm to “the millions of people who use Facebook every day.”

The data-transfer curbs risk carving up the internet “into national and regional silos, restricting the global economy and leaving citizens in different countries unable to access many of the shared services we have come to rely on,” Nick Clegg, Meta’s president of global affairs, and Jennifer Newstead, chief legal officer, said in a blog post.

The company will have to file its appeal in Ireland and a final decision could take months, if not years. Amazon’s appeal of its previous record GDPR fine is still pending in the Luxembourg courts.

Meta Dominates the List of Top 5 EU Privacy Fines | Penalties (in € billions) Under General Data Protection Regulation

The crackdown on Meta coincides with the fifth anniversary of the EU’s General Data Protection Regulation, widely seen as a global benchmark. Since 2018, regulators in the 27-nation EU have had the power to wield fines of as much as 4% of a company’s annual revenue for the most serious violations. The Irish watchdog morphed overnight into the lead privacy regulator for some of the biggest tech firms with an EU base in the country, such as Meta and Apple Inc.

That’s led to tensions over the years — with Ireland’s privacy chief Helen Dixon having to ward off continued criticism that her office is too slow or too lax. The Irish watchdog initially didn’t plan on levying a fine, judging it “disproportionate.”

Monday’s fine “shouldn’t distract from the fact that there are still massive problems” with the GDPR, said Johannes Caspar, an academic who was previously one of Germany’s top data regulators. He said the EU court gave clear rulings “that should have been enforced long ago.”

The controversy over data transfers stretches back to 2013, when former contractor Edward Snowden exposed the extent of spying by U.S. agencies.

Privacy campaigner Max Schrems has been challenging Facebook in Ireland — where the social media company has its European base — arguing that EU citizens’ data is at risk the moment it ends up on U.S. servers

Gallery

Comments - Please in order to comment.

Please peer review 3 community comments before your comment can be posted

X

This article is free to read.

Sign up for free or sign in to continue reading.

Unlike our competitors, we don’t force you to pay to read the news but we do need your email address to make your experience better.


Nearly there! Create a password to finish signing up with us:

Please enter your password or get a sign in link if you’ve forgotten

Open Sesame! Thanks for signing up.