Tech & Startup

Meta hit with a record fine of $1.3 billion over data privacy breach

The fine was accompanied by an order to cease the transfer of Facebook user data from EU citizens to the United States.
Meta was hit with a record fine in the EU
Meta was hit with a record fine in the EU. Image: Zarif Faiaz/Tech & Startup

Meta, the parent company of social media giant Facebook, has been slapped with a staggering $1.3 billion fine (€1.2 billion) by European Union (EU) data regulators, setting a new record in the realm of data privacy violations.

The fine was accompanied by an order to cease the transfer of Facebook user data from EU citizens to the United States. The ruling, made by Ireland's Data Protection Commission (DPC), underscores concerns that such data transfers expose EU citizens to privacy infringements, an issue initially brought to light in 2013 through the revelations of whistleblower Edward Snowden regarding US mass surveillance programs.

According to the DPC, the current legal framework for data transfers to the US fails to address the risks posed to the fundamental rights and freedoms of Facebook users in the EU, consequently violating the EU's General Data Protection Regulation (GDPR). This unprecedented fine surpasses the previous record of €746 million imposed on Amazon in 2021 for similar privacy transgressions.

For Meta, data transfers to the US are of critical importance, particularly for its extensive ad-targeting operations, which heavily rely on processing vast amounts of personal data from its users. In response to the potential disruption of these transfers, Meta warned last year that it might consider shutting down Facebook and Instagram in the EU. However, this move was viewed by EU politicians as an overt attempt at coercion. Axel Voss, an EU lawmaker, staunchly retorted, "Meta cannot just blackmail the EU into giving up its data protection standards. Leaving the EU would be their loss."

In the past, these data transfers were safeguarded by the Privacy Shield, a transatlantic agreement. However, in 2020, the highest court in the EU invalidated this framework, ruling that it failed to protect data from being accessed by US surveillance programs. The court's decision was a result of a claim filed by Austrian lawyer Max Schrems, who has been engaged in a legal battle against Facebook since 2013, initially triggered by Edward Snowden's disclosures on US surveillance practices.

Despite the order for Meta to cease data transfers, there are several factors that favour the US tech giant. Firstly, the ruling exclusively applies to data from Facebook, excluding other Meta-owned entities such as Instagram and WhatsApp. Secondly, a grace period of five months has been provided before Meta must halt future transfers, and an additional six months have been granted as a deadline to cease storing existing data in the US. Lastly, negotiations are currently underway between the EU and the US to establish a new data transfer agreement, which could be implemented as early as this summer or as late as October.

In response to the fine, Meta denounced it as "unjustified and unnecessary" in a blog post authored by Meta's president for global affairs, Nick Clegg, and the company's chief legal officer, Jennifer Newstead. They highlighted that Meta is just one of "thousands" of companies employing similar legal frameworks to facilitate data transfers.

Clegg and Newstead announced their intention to appeal the decisions and seek a stay with the courts, citing the harm that compliance with the orders would cause, particularly to the millions of individuals who utilize Facebook on a daily basis.