The European Union has fined Meta, the parent company of Facebook, a whopping 1.2 billion Euros – $1.3 billion – a record fine for allegedly transferring user data back to the U.S. in violation of European regulations. The fine was issued against Meta Platforms Ireland Limited following an investigation conducted by the Irish Data Protection Authority (IE DPA).
Apparently, Meta/Facebook, which also owns the social media platform Instagram, has yet to learn from its past mistakes. This is not the first time the company has been fined for violating user privacy and/or using personal data without consent or even informing the users of what the company was doing. European regulators have shown they are not shy about going after the big corporations in these matters, having previously fined companies like Google.
Will you offer us a hand? Every gift, regardless of size, fuels our future.
Your critical contribution enables us to maintain our independence from shareholders or wealthy owners, allowing us to keep up reporting without bias. It means we can continue to make Jewish Business News available to everyone.
You can support us for as little as $1 via PayPal at email@example.com.
The European Data Protection Board (EDPB), the agency that levied the fine, said the fine was imposed for Meta’s transfers of personal data to the U.S. on the basis of standard contractual clauses (SCCs) since 16 July 2020. Furthermore, Meta has been ordered to bring its data transfers into compliance with the GDPR.
Andrea Jelinek, EDPB Chair, said, “The EDPB found that Meta IE’s infringement is very serious since it concerns transfers that are systematic, repetitive and continuous. Facebook has millions of users in Europe, so the volume of personal data transferred is massive. The unprecedented fine is a strong signal to organizations that serious infringements have far-reaching consequences.”
The EDPB said it instructed the IE DPA to amend its draft decision and to impose a fine on Meta IE, explaining that, “given the seriousness of the infringement” the EDPB found that the starting point for calculation of the fine should be between 20% and 100% of the applicable legal maximum. The EDPB also instructed the IE DPA to order Meta IE to bring processing operations into compliance with Chapter V GDPR, by ceasing the unlawful processing, including storage, in the U.S. of personal data of European users transferred in violation of the GDPR, within 6 months after notification of the IE SA’s final decision.
Meta, of course, pledged to appeal the decision saying in a statement, “We are appealing these decisions and will immediately seek a stay with the courts who can pause the implementation deadlines, given the harm that these orders would cause, including to the millions of people who use Facebook every day.”