Mark Zuckerberg’s tech giant Meta has been hit with a record $1.2 billion EU fine ($1.3 billion in U.S. dollars) for not complying with the EU’s privacy rules and has been asked to stop exporting European Union user data to the U.S. for processing..
As reported by the BBC, Meta was fined “for mishandling people’s data when transferring it between Europe and the United States.”
The fine was Issued by Ireland’s Data Protection Commission (DPC) and is the largest fine imposed under the EU’s General Data Protection Regulation (GDPR) privacy law.
The decision was prompted by a case brought by Austrian privacy campaigner Max Schrems who argued that the framework for transferring EU citizen data to America did not protect Europeans from U.S. surveillance.
Representatives from Meta, which also owns Instagram and WhatsApp among other products and services, said it would appeal both the decision and the fine.
“We are appealing these decisions and will immediately seek a stay with the courts who can pause the implementation deadlines, given the harm that these orders would cause, including to the millions of people who use Facebook every day,” Nick Clegg, Meta president of global affairs, and Jennifer Newstead, chief legal officer at the company, said in a blog post.
In addition to the record fine, the regulator ordered Meta to suspend “any future transfer of personal data” from European Facebook users to the U.S. within five months.
President Joe Biden and European Commission President Ursula von der Leyen reached an agreement in March 2022 on a new data sharing framework called the EU-U.S. Data Privacy Framework, which restored the legal safeguards for transatlantic data flows. However, it has still not been ratified by the European Commission. The Trans-Atlantic Data Privacy Framework contains a new set of rules to limit access to data by U.S. intelligence authorities and, if passed in time, could eliminate Meta’s legal woes.
If the European Commission doesn’t act, Meta would be left with two costly options. First, they could act to localize data from EU users, ceasing to transfer any of it to the U.S. That process has been a costly and lengthy undertaking for TikTok, owned by Beijing, China-based ByteDance. TikTok says it’s spent more than $1 billion reconfiguring its digital infrastructure in order to appease U.S. lawmakers concerned about data transferred from Americans to China..
The second possibility is that Meta could withdraw offering Facebook in the EU, but this is an extreme and costly option for the social media company. Europe is Facebook’s second biggest market, producing $29 billion in revenue.
Even if the EU moves forward with the new EU-U.S. Data Privacy Framework, Forrester analyst Enza Iannopollo said it would only be another temporary fix to long-standing data privacy issues.
“The need to facilitate compliance with the international data transfer requirements is well understood,” Iannopollo said. “However, [this] decision shows that there are situations that create very high risk and European data protection authorities will continue to look into these cases, regardless of any frameworks.”