Facebook owner Meta has been fined a record EUR 1.2 billion (nearly Rs. 10,750 crore) for transferring EU user data to the United States in breach of a previous court ruling, Ireland’s regulator announced Monday.
The Irish Data Protection Commission (DPC), which acts on behalf of the European Union, said the European Data Protection Board (EDPB) had ordered it to collect “an administrative fine in the amount of EUR 1.2 billion”.
The DPC has been investigating Meta Ireland’s transfer of personal data from the EU to the United States since 2020.
It found that Meta, which has its European headquarters in Dublin, failed to “address the risks to the fundamental rights and freedoms of data subjects” that were identified in a previous ruling by the Court of Justice of the European Union (CJEU).
The CJEU interprets EU law to make sure it is applied in the same way in all member states.
In response, Meta said it was “disappointed to have been singled out” and the ruling was “flawed, unjustified and sets a dangerous precedent for the countless other companies”.
“We intend to appeal both the decision’s substance and its orders including the fine, and will seek a stay through the courts to pause the implementation deadlines,” Meta president of global affairs Nick Clegg and chief legal officer Jennifer Newstead said in a blog post.
“There is no immediate disruption to Facebook in Europe,” they added.
Fourth Fine
Initially, the DPC had wanted to force Meta to suspend the offending data transfers, saying that a fine “would exceed the extent of powers that could be described as being ‘appropriate, proportionate and necessary'”.
But its peer regulators in the EU, known as Concerned Supervisory Authorities (CSAs), disagreed.
“All four CSAs took the view that Meta Ireland should be subject to an administrative fine,” said the DPC.
With no hope of consensus, the DPC referred the objections to the EDPB, which ruled that Meta Ireland suspend future transfer of personal data to the United States and pay a fine.
In a blog, Clegg and Newstead said the EDPB decision to overrule the DPC “raises serious questions”.
“No country has done more than the US to align with European rules via their latest reforms, while transfers continue largely unchallenged to countries such as China,” they added.
EU regulators have already hit Meta with fines of hundreds of millions of euros over data breaches by its Instagram, WhatsApp and Facebook services.
It is the third fine imposed on Meta so far this year in the EU, and the fourth in six months.
In 2021, Amazon was fined EUR 746 million (nearly Rs. 6,685 crore) in Luxembourg for infringing the EU’s General Data Protection Regulation.