Meta has been fined nearly $2 billion by European regulators and ordered to stop transferring the personal Facebook data of EU citizens back to the US in a landmark ruling announced on Monday evening.
In a case dating back to a complaint in 2013 and an investigation that began in 2020, Ireland’s Data Protection Commission (DPC) ruled Meta breached European data laws by transferring and storing the data.
The user data is fundamental to Meta’s advertising business and the tech giant last year said it may pull out of the European market if it could not transfer it back to the US.
Meta called the record €1.2 billion (A$1.96 billion) fine “unjustified and unnecessary”, and said it would appeal the decision.
On Monday evening, the DPC announced it had concluded its investigation into Meta’s Facebook user data transfers and determined it was a breach of the General Data Protection Regulation (GDPR) and should be suspended.
The transfers had previously been allowed under a transatlantic pact known as the Privacy Shield but the framework was ruled invalid by the EU’s top court in 2020 because the protocol does not protect EU citizens from mass surveillance programs operated by US intelligence agencies.
Data transfers were allowed to continue under an alternative legal mechanism called Standard Contractual Clauses, which many companies use along with Meta.
But the DPC investigation determined that Meta’s arrangements under this mechanism “did not address the risks to the fundamental rights and freedoms of data subjects” and breached GDPR.
The court case stemmed from a legal battle by Austrian lawyer and data privacy activist Max Schrems which began in 2013.
In addition to the record near-$2 billion fine, Monday’s ruling means Meta must stop sending European Facebook user data back to the US and delete any already sent within six months.
But a new data sharing agreement between the US and EU may be in place by then, potentially allowing the data transfer to continue.
Meta released a company blog post in response to the ruling and record fine, writing that there would be no immediate disruption to its European business and that it would seek a stay of the orders through the courts.
The post, by the company’s president of global affairs Nick Clegg and chief legal officer Jennifer Newstead, said Meta “will appeal the ruling, including the unjustified and unnecessary fine”.
“This decision is flawed, unjustified and sets a dangerous precedent for the countless other companies transferring data between the EU and US,” the blog post states.
The tech giant’s post also drew on geopolitics.
“At a time where the internet is fracturing under pressure from authoritarian regimes, like-minded democracies should work together to promote and defend the idea of the open internet,” it said.
“No country has done more than the US to align with European rules via their latest reforms, while transfers continue largely unchallenged to countries such as China.”
Do you know more? Contact James Riley via Email.