European Union hits Facebook parent Meta with record $1.3 billion fine over user data transfers to US File | Photo Credit: AP
The European Union slapped Meta with a record $1.3 billion privacy fine on May 22 and ordered it to stop transferring user data to Atlantic by October, the latest salvo in a decade-long case sparked by fears of US cybersnooping.
The €1.2 billion fine from Ireland’s Data Protection Commission is the largest since the EU’s strict data privacy regime came into force five years ago, surpassing Amazon’s €746 million fine in 2021 for data protection violations.
Also read | The EU draft proposes stricter cybersecurity labeling rules
The Irish watchdog is Meta’s main privacy regulator in the 27-country bloc because the Silicon Valley tech giant’s European headquarters are based in Dublin.
Meta, which has previously warned that services for its European users could be cut, has vowed to appeal and ask the courts to immediately delay the decision.
“There is no immediate disruption to Facebook in Europe,” the company said.
“This decision is flawed, unreasonable and sets a dangerous precedent for countless other companies that transfer data between the EU and the US,” said Nick Clegg, president of global affairs and of Meta, and chief legal officer Jennifer Newstead in a statement.
Also read | Meta’s WhatsApp fined $5.95 million by lead EU privacy regulator
It’s another twist in a legal battle that began in 2013 when Austrian lawyer and privacy activist Max Schrems filed a complaint about Facebook’s handling of his data following revelations by former National Security Agency contractor Edward Snowden. about US cybersnooping.
The saga highlighted the clash between Washington and Brussels over the differences between Europe’s strict view of data privacy and the relatively lax regime in the US, which has no federal privacy law.
An agreement covering EU-US data transfers known as the Privacy Shield was struck down in 2020 by the EU’s highest court, which said it did not do enough to protect residents from electronic prying by the US Government.
That leaves one more tool to manage data transfers — legal stock contracts. Irish regulators initially ruled that Meta did not need to be fined because it was acting in good faith in using them to move data across the Atlantic. But it was overruled by the EU’s top panel of data privacy authorities last month, a decision confirmed by the Irish watchdog on May 22.
Also read | Privacy depends on cybersecurity
Meanwhile, Brussels and Washington signed an agreement last year on a reworked Privacy Shield that Meta will use, but the agreement is awaiting a decision from European officials on whether it adequately protects data privacy.
EU institutions are reviewing the agreement, and the bloc’s lawmakers called for improvements in May, saying safeguards are not strong enough.
Meta warned in its latest earnings report that without a legal basis for data transfers, it would be forced to stop offering its products and services in Europe, “which would materially and adversely affect our business, financial condition , and results of operations.”
The social media company may have to make costly and complex changes to its operations if it is forced to stop sending user data to Atlantic. Meta has a fleet of 21 data centers, according to its website, but 17 of them are in the United States. Three more are in the European countries of Denmark, Ireland and Sweden. Another one is in Singapore.
Other social media giants are also facing pressure on their data practices. TikTok has tried to allay Western fears about the Chinese-owned short video sharing app’s potential cybersecurity risks with a $1.5 billion project to store US user data on Oracle servers.