Facebook owner Meta is hit with record $1.3billion privacy fine

Facebook owner Meta hits out at ‘flawed and unjustified’ fine after it’s ordered to pay record $1.3billion and ordered to stop transferring European data to America

  • Fine from Ireland’s Data Protection Commission came after three-year probe

Facebook owner Meta has hit out against a ‘flawed and unjustified’ fine after it was ordered to pay a record $1.3billion and stop transferring European data to America.

The European Union slapped Meta the privacy fine on Monday and ordered it to stop transferring user data across the Atlantic by October, the latest salvo in a decade-long case sparked by US cybersnooping fears. 

The penalty fine from Ireland’s Data Protection Commission  (DPC) after a three-year probe into the social media giant is the biggest since the EU’s strict data privacy regime took effect five years ago, surpassing Amazon’s $807million penalty in 2021 for data protection violations.

The DPC said that Meta had breached part of the European GDPR (General Data Protection Regulation) rules in the way that it had moved data of Facebook users across borders.

It ordered Meta Ireland to ‘suspend any future transfer of personal data to the US within the period of five months’ and also levied a record fine on the business ‘to sanction the infringement that was found to have occurred’.

Pictured: Mark Zuckerberg (File photo). The European Union slapped Meta the privacy fine Monday and ordered it to stop transferring user data across the Atlantic by October, the latest salvo in a decade-long case sparked by US cybersnooping fears

Facebook’s Meta logo sign is seen at the company headquarters in Menlo Park, California 

The Irish watchdog is Meta’s lead privacy regulator in the 27-nation bloc because the Silicon Valley tech giant’s European headquarters is based in Dublin.

Meta, which had previously warned that services for its users in Europe could be cut off, vowed to appeal and ask courts to immediately put the decision on hold.

‘There is no immediate disruption to Facebook in Europe,’ the company said.

‘This decision is flawed, unjustified and sets a dangerous precedent for the countless other companies transferring data between the EU and US,’ Nick Clegg, Meta’s president of global and affairs, and Chief Legal Officer Jennifer Newstead said in a statement.

‘We are … disappointed to have been singled out when using the same legal mechanism as thousands of other companies looking to provide services in Europe,’ the statement added. 

It continued: ‘We are pleased that the DPC also confirmed in its decision that there will be no suspension of the transfers or other action required of Meta, such as a requirement to delete EU data subjects’ data once the underlying conflict of law has been resolved.

‘No country has done more than the US to align with European rules via their latest reforms, while transfers continue largely unchallenged to countries such as China.’

It’s yet another twist in a legal battle that began in 2013 when Austrian lawyer and privacy activist Max Schrems filed a complaint about Facebook´s handling of his data following former National Security Agency contractor Edward Snowden´s revelations about US cybersnooping.

The saga has highlighted the clash between Washington and Brussels over the differences between Europe’s strict view on data privacy and the comparatively lax regime in the US, which lacks a federal privacy law.

An agreement covering EU-US data transfers known as the Privacy Shield was struck down in 2020 by the EU’s top court, which said it didn´t do enough to protect residents from the US government’s electronic prying.

That left another tool to govern data transfers – stock legal contracts. Irish regulators initially ruled that Meta didn’t need to be fined because it was acting in good faith in using them to move data across the Atlantic. 

But it was overruled by the EU’s top panel of data privacy authorities last month, a decision that the Irish watchdog confirmed Monday.

Pictured: Meta booth at conference (File photo). The penalty fine from Ireland’s Data Protection Commission (DPC) after a three-year probe into the social media giant is the biggest since the EU’s strict data privacy regime took effect five years ago, surpassing Amazon’s 746 million euro penalty in 2021 for data protection violations

‘This decision is flawed, unjustified and sets a dangerous precedent for the countless other companies transferring data between the EU and US,’ Nick Clegg (pictured), Meta’s president of global and affairs, and Chief Legal Officer Jennifer Newstead said in a statement

Meanwhile, Brussels and Washington signed an agreement last year on a reworked Privacy Shield that Meta could use, but the pact is awaiting a decision from European officials on whether it adequately protects data privacy.

EU institutions have been reviewing the agreement, and the bloc’s lawmakers this month called for improvements, saying the safeguards aren’t strong enough.

Meta warned in its latest earnings report that without a legal basis for data transfers, it will be forced to stop offering its products and services in Europe, ‘which would materially and adversely affect our business, financial condition, and results of operations’. 

The social media company might have to carry out a costly and complex revamp of its operations if it’s forced to stop shipping user data across the Atlantic. 

Meta has a fleet of 21 data centers, according to its website, but 17 of them are in the United States. Three others are in the European nations of Denmark, Ireland and Sweden. Another is in Singapore.

Other social media giants are facing pressure over their data practices. TikTok has tried to soothe Western fears about the Chinese-owned short video sharing app’s potential cybersecurity risks with a $1.5 billion project to store US user data on Oracle servers.

Source: Read Full Article