Meta Fined $1.3 Billion for GDPR Violations

Meta, the parent company of Facebook, has been hit by a record-breaking $1.3 billion fine from European Union (EU) data protection regulators for its improper transfer of European Facebook user information to the United States.

The European Data Protection Board (EDPB) issued a binding dispute resolution, ordering Meta to bring its data transfers in line with the General Data Protection Regulation (GDPR) and rectify all instances of unlawfully stored and processed data within six months.

The EDPB deemed Meta's infringement as severe, since it concerns systematic and continuous transfers of user data. Andrea Jelinek, EDPB chair, stated “Facebook has millions of users in Europe, so the volume of personal data transferred is massive. The unprecedented fine is a strong signal to organisations that serious infringements have far-reaching consequences”.

Under the decision, Meta has also been given five months to suspend any future transfer of European Facebook users' data to the US. However, the order does not apply to the platforms Instagram and WhatsApp, which are also owned by Meta.

Meta responded to the ruling stating their intention to appeal, labeling the fine as "unjustified and unnecessary." The company argues that a fundamental conflict of law exists between US government rules on data access and European privacy rights. Meta's executives, Nick Clegg, and Jennifer Newstead, expressed concerns that restrictions on global data transfers could fragment the internet and hinder the operation of thousands of businesses and other organizations.

The penalty imposed on Meta by the EDPB beats the previous record fine of $888 million issued to Amazon in 2021. However, experts remain skeptical about its impact on Meta's privacy practices, emphasizing that the company's substantial revenues may render the penalty inconsequential.

The EU's decision also carries significant implications for other tech companies, potentially setting a precedent for future enforcement actions. The Irish Data Protection Commission, which has fined Meta more than any other tech firm, has ten additional ongoing investigations into the social media giant's platforms.