The European Union has slapped Meta with a record $1.3 billion privacy fine and ordered it to stop transferring user data across the Atlantic.
The European Union slapped Meta with a record $1.3 billion privacy fine Monday and ordered it to stop transferring user data across the Atlantic by October, the latest salvo in a decadelong case sparked by U.S. cybersnooping fears.
The penalty fine of 1.2 billion euros from Ireland’s Data Protection Commission is the biggest since the EU’s strict data privacy regime took effect five years ago, surpassing Amazon’s 746 million euro penalty in 2021 for data protection violations.
The Irish watchdog is Meta’s lead privacy regulator in the 27-nation bloc because the Silicon Valley tech giant’s European headquarters is based in Dublin.
Meta, which had previously warned that services for its users in Europe could be cut off, vowed to appeal and ask courts to immediately put the decision on hold.
“There is no immediate disruption to Facebook in Europe,” the company said.
“This decision is flawed, unjustified and sets a dangerous precedent for the countless other companies transferring data between the EU and U.S.,” Nick Clegg, Meta’s president of global and affairs, and Chief Legal Officer Jennifer Newstead said in a statement.
It’s yet another twist in a legal battle that began in 2013 when Austrian lawyer and privacy activist Max Schrems filed a complaint about Facebook’s handling of his data following former National Security Agency contractor Edward Snowden’s revelations about U.S. cybersnooping.
The saga has highlighted the clash between Washington and Brussels over the differences between Europe’s strict view on data privacy and the comparatively lax regime in the U.S., which lacks a federal privacy law.
An agreement covering EU-U.S. data transfers known as the Privacy Shield was struck down in 2020 by the EU’s top court, which said it didn’t do enough to protect residents from the U.S. government’s electronic prying.
That left another tool to govern data transfers — stock legal contracts. Irish regulators initially ruled that Meta didn’t need to be fined because it was acting in good faith in using them to move data across the Atlantic. But it was overruled by the EU’s top panel of data privacy authorities last month, a decision that the Irish watchdog confirmed Monday.
Meanwhile, Brussels and Washington signed an agreement last year on a reworked Privacy Shield that Meta could use, but the pact is awaiting a decision from European officials on whether it adequately protects data privacy.
EU institutions have been reviewing the agreement, and the bloc’s lawmakers this month called for improvements, saying the safeguards aren’t strong enough.