Meta has been fined $1.3 billion (1.2-billion-euro), Ireland’s regulator announced on Monday. The Facebook-owned technology company will have to pay a fine for transferring EU user data to the US against the prior judgment of the court.
The Irish Data Protection Commission (DPC), an agent of the European Union, said that the European Data Protection Board (EDPB) had directed it to secure “an administrative fine in the amount of 1.2 billion euros”.
The Court of Justice of the European Union (CJEU) interprets EU law to ensure that all member states conform to it in a standard manner.
The DPC has been inquiring about Meta Ireland’s transfer of personal data from the EU to the US since 2020. The enquiry found that Meta did not “address the risks to the fundamental rights and freedoms of data subjects” that were pointed out in the last ruling by the CJEU. Meta’s European headquarters is based in Dublin, Ireland’s capital.
To this Meta replied that it was “disappointed to have been singled out” and the judgment was “flawed, unjustified and sets a dangerous precedent for the countless other companies”.
In a blog post, Nick Clegg, Meta president of global affairs and chief legal officer Jennifer Newstead, said, “We intend to appeal both the decision’s substance and its orders including the fine, and will seek a stay through the courts to pause the implementation deadlines.” They further added, “There is no immediate disruption to Facebook in Europe.”
Meta subject to “administrative fine”
In the present scenario, the DPC had earlier wanted to push Meta to stop these unwanted data transfers by saying that imposing a fine would “exceed the extent of powers that could be described as being ‘appropriate, proportionate and necessary’”.
Its peer regulators in the EU, known as Concerned Supervisory Authorities (CSAs), contradicted and the DPC made it clear by saying that this was supposed to be “subject to an administrative fine.”
As no common ground was found, the DPC mentioned the objections to the EDPB, and the latter stated that Meta Ireland needed to end transferring personal data of its European users to the United States and submit a fine.
Meta has already been fined hundreds of millions of euros for data violations by its Instagram, WhatsApp, and Facebook services. So far, this is the third time the social media giant has been fined in 2023 in the EU and the fourth in six months.
The DPC fined Meta 390 million euros in violation of data rules in terms of targeted advertising on its application in January. In March, Meta was made to pay 5.5 million euros for breaching the GDPR with its WhatsApp messaging service. In its previous fines, Meta was accused of changing its use in Europe for it to keep acquiring and processing the users’ private data in Europe.
The EDPB’s overruling the DPC’s stand “raises serious questions”, Clegg and Newstead said. They added, “No country has done more than the US to align with European rules via their latest reforms, while transfers continue largely unchallenged to countries such as China.”
But EDPB chair Andrea Jelinek described the data breach by Meta as “very serious” and characterized its data transfers as “systematic, repetitive and continuous”. She added, “The unprecedented fine is a strong signal to organizations that serious infringements have far-reaching consequences.”