Facebook Owner Meta Platforms Hit with €1.2 Billion Privacy Fine by EU, Ordered to Halt Data Transfers to the US

Meta Platforms Inc., the owner of Facebook, received a historic €1.2 billion ($1.3 billion) privacy fine from the European Union. Additionally, regulators have imposed a deadline for Meta Platforms Inc. to cease the transfer of users’ data to the United States. This action was taken due to the company’s failure to safeguard personal information from being accessed by American security services.

Meta Platforms Inc., the owner of Facebook, has been issued a €1.2 billion ($1.3 billion) fine by the Irish Data Protection Commission, surpassing the previous €746 million penalty imposed on Amazon.com Inc. This record fine was accompanied by a directive to halt the transfer of users’ data to the United States due to concerns regarding the protection of individuals’ fundamental rights and freedoms. The company has been given five months to suspend future data transfers to the US and six months to cease the unlawful processing and storage of transferred EU personal data within the US.

Although the ban on data transfers was expected and had previously prompted Meta to consider withdrawing from the EU, the impact has been reduced by a transitional period specified in the decision and the possibility of a new EU-US data flows agreement, which could be in effect by mid-year.

This recent decision marks another development in a prolonged legal process that ensnared Facebook and numerous other companies. In 2020, the top court of the EU invalidated an EU-US data transfer agreement, citing concerns about the safety of citizens’ data once it reached US servers. While an alternative mechanism based on contractual clauses was not explicitly invalidated, doubts regarding US data protection led to a preliminary order from the Irish authority, prohibiting Facebook from using this method as well.

In December, EU regulators introduced proposals to replace the defunct “Privacy Shield” agreement, following negotiations with the US. These discussions resulted in an executive order from US President Joe Biden and assurances that EU citizens’ data would be adequately protected during transatlantic transfers.

Coinciding with the fifth anniversary of the EU’s General Data Protection Regulation (GDPR), considered a global standard for privacy, the Meta fine underscores the enforcement powers of EU regulators. Since May 2018, these regulators have had the authority to impose fines of up to 4% of a company’s annual revenue for severe violations. The Irish Data Protection Commission has emerged as the lead privacy regulator overnight for major tech firms with an EU presence, including Meta and Apple Inc.