Meta has been hit with a record-breaking fine of 1.2 billion euros ($1.3 billion) by European privacy regulators for transferring EU user data to the US.
The decision stems from a case initiated by privacy campaigner Max Schrems, who claimed that the existing framework for data transfers did not adequately protect Europeans from US surveillance.
Various mechanisms for legally transferring personal data between the EU and the US have faced scrutiny.
Read More: Facebook faces £648m fine and data transfer suspension in Ireland
In 2020, the European Court of Justice, the highest court in the EU, invalidated the most recent version of such mechanism called Privacy Shield.
The Irish Data Protection Commission, overseeing Meta’s operations in the EU, alleged that it violated the EU’s General Data Protection Regulation (GDPR).
Despite the court ruling, the company was accused of continuing to transfer European citizens’ data to the US.
Meta utilized standard contractual clauses to facilitate data transfers, which any EU court had not blocked.
Read More: McDonald’s franchisees fined for employing minors, including 10-year-olds
But the Irish regulator deemed these arrangements insufficient in addressing the risks to data subjects’ fundamental rights and freedoms, as identified by the European Court of Justice.
In addition to the hefty fine, the Data Protection Commission instructed Meta to halt any future data transfers to the US within five months.
This penalty is the largest ever imposed for GDPR violations, surpassing the previous record set by Amazon with a fine of 746 million euros in 2021.
Nick Clegg, Meta’s president of global affairs, and Jennifer Newstead, chief legal officer at the company, said Meta plans to appeal the decision and the fine.
Need Career Advice? Get employment skills advice at all levels of your career
They said: “We are appealing these decisions and will immediately seek a stay with the courts who can pause the implementation deadlines, given the harm that these orders would cause, including to the millions of people who use Facebook every day.”
The company aims to secure a stay on the implementation deadlines through the courts, highlighting the potential harm to millions of daily Facebook users.
The case has reignited discussions between the EU and the US regarding a new data transfer framework, although the agreement has yet to effect.
Clegg and Newstead said if the new framework “comes into effect before the implementation deadlines expire, our services can continue as they do today without any disruption or impact on users.”
Follow us on YouTube, Twitter, LinkedIn, and Facebook.