Meta has been fined a record $1.3bn by the EU for violating its data privacy rules.
On 22 May, the Irish Data Protection Commission (IDPC) announced that Meta had failed to properly protect EU Facebook account data from US spy agencies.
The Irish watchdog said that the Facebook, Whatsapp and Instagram owner had violated the EU’s General Data Protection Regulation (GDPR).
The IDPC claims Meta’s handling of EU Facebook data which was moved to the US through standard contractual clauses (SSCs) “did not address the risks to the fundamental rights and freedoms” of European users.
The fine follows a ruling from the European Court of Justice in 2020 which saw an EU-US data flow agreement, known as Privacy Shield, discontinued over fears of surveillance by US intelligence services.
At the same time, the EU court enforced stricter requirements on SCCs, a legal tool also used by companies, including Meta, to transfer personal data to the US.
How well do you really know your competitors?
Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.
Your download email will arrive shortly
Not ready to buy yet? Download a free sample
We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below formBy GlobalData
The EU and US are currently working on a new data flow deal to replace Privacy Shield and SSCs, scheduled for completion in October.
According to the EU, Meta has until 12 October to stop using SCCs for their transfers.
Meta has claimed that it may have to shut down its services in Europe if it were no longer able to use SCCs without an alternative.
“If a new transatlantic data transfer framework is not adopted and we are unable to continue to rely on SCCs or rely upon other alternative means of data transfers from Europe to the United States, we will likely be unable to offer a number of our most significant products and services, including Facebook and Instagram, in Europe,” Meta said in a US filing to the Securities and Exchange Commission last year.
GDPR has kept the EU busy
Meta’s fine is the biggest to come from the EU’s five-year-old GDPR privacy law and falls very close to the day of its fifth anniversary on 25th May.
However, despite this being the largest penalty since its creation, GDPR has kept the EU busy over the past half decade.
In 2021, Amazon was fined around $750m by Luxembourg after it violated the GDPR.
Meta has also been at fault under the regulation before too and has seen fines of over $300m for all three of its social media platforms since 2021.
GlobalData is the parent company of Verdict and its sister publications.