The EU has slapped tech giant Meta with a record $1.3 billion fine for breaching privacy rules. They have also demanded that the company stop transferring user data across the Atlantic by October. This marks the latest step in a long-running conflict, sparked by concerns over US cyber espionage.
This is the largest fine since the EU’s strict data protection regime was introduced five years ago, surpassing Amazon’s €746m fine last year for data protection breaches. Meta, formerly Facebook, has previously warned that services for their users in Europe are at risk of being shut down. They have stated that they intend to appeal the decision and will ask the court to immediately overturn it. The company states that there is no immediate disruption to Facebook in Europe.
Believes that the decision is incorrect
The company believes that the decision is wrong, unjustified and creates a dangerous precedent for the countless companies that transfer data between the EU and the US. Nick Clegg, Meta’s president of global affairs, and Jennifer Newstead, the company’s general counsel, expressed this in a joint statement. This legal battle began in 2013 when Austrian lawyer and privacy activist Max Schrems sued Facebook for the way they handled his data. This followed the revelations about electronic surveillance by US security agencies, including that Facebook had given these agencies access to the personal data of Europeans. This conflict has highlighted the contradictions between Washington and Brussels over the differences that exist in the view of data privacy in Europe compared to the United States, which lacks a federal law on privacy. The EU has been a global leader in curbing the power of major tech companies, through a series of regulations forcing them to more strictly monitor their platforms and protect users’ personal information. An agreement covering EU-US data transfers, known as Privacy Shield, was rejected in 2020 by the EU’s highest court. It said the agreement did not do enough to protect residents against the US government’s electronic surveillance. Monday’s decision confirmed that another tool to govern data transfers, ie warehouse legal contracts, is also invalid. Brussels and Washington last year signed a revised Privacy Shield agreement that Meta can use, but the agreement is awaiting a decision by European officials on whether it adequately protects data privacy. Ireland’s Data Protection Commission, which is Meta’s main privacy regulator in the 27-nation bloc, imposed the fine. They said they gave Meta five months to stop sending European user data to the US and six months to bring its data management into compliance “by ceasing the unlawful processing, including storage, in the US” of European users’ personal data transferred in violation of the bloc’s confidentiality rules. If the new transatlantic confidentiality agreement enters into force before these deadlines, Meta’s services can continue as they are today without any disruption or impact on users, Meta states. Meta warned in its latest earnings report that without a legal basis for data transfers, it will be forced to stop offering its products and services in Europe, which would adversely affect its business, financial position and results. The social media company could be forced to undertake a costly and complex restructuring of its operations if it is forced to stop sending user data across the Atlantic. Meta has a fleet of 21 data centers, according to its website, but 17 of them are in the United States. Three others are in Denmark, Ireland and Sweden. Another is located in Singapore. Other social media giants are facing pressure over their data practices. TikTok has sought to calm Western concerns about the Chinese-owned app’s potential cybersecurity risks with a $1.5 billion project to store US user data on Oracle servers.
A professional writer by day, a tech-nerd by night, with a love for all things money.