Meta Faces Record-breaking 1.2 Billion Euro Fine for EU Privacy Violations

• Financial

In a groundbreaking move, American technology behemoth Meta has been hit with a staggering 1.2 billion euro penalty for its failure to comply with European Union (EU) privacy regulations. The tech giant, formerly known as Facebook, was found guilty of unlawfully transferring the data of European users to the United States, as declared by Ireland's privacy regulator.

Meta's EU Privacy Violations and Regulatory Consequences

The Irish Data Protection Commission, the authority responsible for overseeing privacy matters in Ireland, revealed on Monday that Meta had violated the General Data Protection Regulation (GDPR) by transferring a trove of personal data belonging to European Facebook users to the United States, without adequately safeguarding their information from Washington's data surveillance practices, according to Euronews.

This historic fine marks the largest penalty ever imposed under the EU's flagship privacy law, the General Data Protection Regulation (GDPR), and is announced just days before the fifth anniversary of the law on May 25. Notably, Luxembourg had previously levied a hefty fine of 746 million euros against Amazon, while the Irish regulator imposed multiple fines on Meta's platforms, including Facebook, Instagram, and WhatsApp, ranging from 405 to 225 million euros over the past two years.

Implications for Data Flows and Transatlantic Agreements

The privacy watchdog in Ireland asserted that Meta's utilization of a legal mechanism known as standard contract clauses (SCC) to transfer data to the US "failed to adequately address the risks to the fundamental rights and freedoms" of European Facebook users, as highlighted by a landmark ruling from the European Union's highest court.

In 2020, the European Court of Justice invalidated the EU-US data flow agreement known as Privacy Shield, citing concerns about US intelligence surveillance practices. Simultaneously, the court tightened the requirements for employing SCC, another legal instrument commonly used by corporations to transfer personal data to the US.

Meta, like other multinational corporations, continued to rely on this legal instrument as European and US officials grappled with establishing a new framework for data flows, with the tech giant lacking alternative legal mechanisms for transferring personal data.

Negotiations are currently underway between the EU and the US to finalize a new agreement on data flows, which could be achieved as early as July, but no later than October. Meta has been granted until October 12 to cease its reliance on SCC for data transfers.

Expressing concern, the US tech giant previously cautioned that if it were compelled to discontinue the use of SCC without a viable alternative agreement for data flows, it may be forced to suspend services such as Facebook and Instagram in Europe.