The European Union (EU) said the company’s data transfers to the US violated General Data Protection Regulation (GDPR) and jeopardised the “fundamental rights and freedoms” of EU citizens
This week, the EU has issued its largest regulatory fine to date, ordering US tech giant Meta to pay €1.2 billion as a result of breaches to GDPR.
The decision was made by Ireland’s Data Protection Commission (DPC), which said that Meta’s transferring of personal data from EU citizens to the US since 2013 had exposed that data to privacy violations by US security services.
The DPC said that Meta’s existing policies towards transferring sensitive EU data to the US “did not address the risks to the fundamental rights and freedoms” of EU citizens.
Meta is heavily reliant on delivering EU data to the US in order to facilitate advertising.
In the past, Meta has said transferring this data to the US for advertising purposes was paramount to its continued operations in the EU, even threatening to shut down Facebook and Instagram services in Europe if forced to cease these data transfers.
The EU responded saying it would not be threatened or blackmailed, saying the company’s withdrawal “would be their loss”.
Now, the EU says that Meta has five months to suspend any future transfer of personal data to the US, and six months to stop “the unlawful processing, including storage, in the US” of EU data.
These orders only apply to Meta’s Facebook service and not to its other offerings, such as Instagram and WhatsApp.
Meta, naturally, says it appeal the DPC’s decision, which it called “unfair” and “unjustified”.
“We are appealing these decisions and will immediately seek a stay with the courts who can pause the implementation deadlines, given the harm that these orders would cause, including to the millions of people who use Facebook every day,” wrote Meta’s president for global affairs, Nick Clegg, and the company’s chief legal officer, Jennifer Newstead in a blog post.
The decision should come as little surprise. The EU has been clamping down on major US tech companies in recent years, with numerous fines being passed down to likes of Google, Amazon, and Meta for breaching GDPR.
In fact, in 2020, the European Court of Justice found the existing legislative framework between the EU and the US – known as the Privacy Shield – to be inadequate for protecting EU data from being accessed by US surveillance services. Since then, the EU and the US government have been working on a replacement data transfer pact, which could come into effect as early as this October.
Want to keep up with all of the latest international telecoms news? Click here to receive Total Telecom’s daily newsletter
Also in the news:
Tusass: Connecting Greenland’s remote communities
Watchdog hits Eir with €2.45m fine for overcharging customers
SENSE: Nokia and Citymesh launch national drone network in Belgium