Meta had failed to properly protect EU Facebook account data. Credit: Getty Images / SOPA Images / Contributor

Meta has been fined a record $1.3bn by the EU for violating its data privacy rules. 

On 22 May, the Irish Data Protection Commission (IDPC) announced that Meta had failed to properly protect EU Facebook account data from US spy agencies.

Go deeper with GlobalData

Premium Insights

The gold standard of business intelligence.

Find out more

The Irish watchdog said that the Facebook, Whatsapp and Instagram owner had violated the EU’s General Data Protection Regulation (GDPR).

The IDPC claims Meta’s handling of EU Facebook data which was moved to the US through standard contractual clauses (SSCs) “did not address the risks to the fundamental rights and freedoms” of European users. 

The fine follows a ruling from the European Court of Justice in 2020 which saw an EU-US data flow agreement, known as Privacy Shield, discontinued over fears of surveillance by US intelligence services.

At the same time, the EU court enforced stricter requirements on SCCs, a legal tool also used by companies, including Meta, to transfer personal data to the US.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

The EU and US are currently working on a new data flow deal to replace Privacy Shield and SSCs, scheduled for completion in October.

According to the EU, Meta has until 12 October to stop using SCCs for their transfers. 

Meta has claimed that it may have to shut down its services in Europe if it were no longer able to use SCCs without an alternative.

“If a new transatlantic data transfer framework is not adopted and we are unable to continue to rely on SCCs or rely upon other alternative means of data transfers from Europe to the United States, we will likely be unable to offer a number of our most significant products and services, including Facebook and Instagram, in Europe,” Meta said in a US filing to the Securities and Exchange Commission last year.

GDPR has kept the EU busy

Meta’s fine is the biggest to come from the EU’s five-year-old GDPR privacy law and falls very close to the day of its fifth anniversary on 25th May. 

However, despite this being the largest penalty since its creation, GDPR has kept the EU busy over the past half decade. 

In 2021, Amazon was fined around $750m by Luxembourg after it violated the GDPR.

Meta has also been at fault under the regulation before too and has seen fines of over $300m for all three of its social media platforms since 2021. 

GlobalData is the parent company of Verdict and its sister publications.