For a decade, EU Facebook user data has been transferred to the US, where privacy protections are less.
The Irish data protection regulator penalised WhatsApp, Instagram, and Facebook a record €1.2 billion (1.04 billion pounds).
It is the largest penalty ever imposed for a violation of the general data protection regulations (GDPR). Which require the consent of the data holder before using their personal information.
Meta has been fined for transferring the data of EU users to the United States for processing, despite a ruling in 2020 by the EU’s highest court that the data was not adequately protected from US espionage agencies.
Facebook has been ordered to cease the practice and given at least five months to terminate future data transfers and six months to cease unlawful data processing and storage in the United States. Instagram and WhatsApp do not fall under the scope of the decree.
Since privacy campaigner Max Schrems sued Facebook in 2013, the issue has persisted.
As Dublin is the location of Meta’s European headquarters, the Data Protection Commission (DPC) in Ireland has jurisdiction over Meta, effectively serving as the EU’s privacy regulator.
Meta stated that it would appeal the decision and that there would be no service disruption. It stated that the decision was “unjustified and unnecessary” and that it establishes a “dangerous precedent.” Meta added that it will petition the courts for a stay of the order.
Before Monday’s fine, EU regulators’ greatest penalty against Amazon was €746 million in 2021.
A new pact is being negotiated between the EU and the United States to facilitate safe and legal data sharing. It may be operational by the summer, but it may also encounter legal obstacles. In April, Meta said it expects the arrangement to be finalised before having to stop the illegal data transfer.
Meta stated that even if the agreement is not in place, services will continue to operate. Previously, it was stated that a prohibition could halt European services.
In a call with investors last month, Meta estimated that terminating the data transfer would cost the company 10% of its advertising revenue, an amount that is multiples of Monday’s £1 billion fine.
