Meta fined for data shift
Meta, the parent company of Facebook, has been fined by the lead privacy regulator in the European Union (EU).
Ireland's Data Protection Commissioner (DPC) has levied a historic fine of €1.2 billion (AU$1.9 billion) for mishandling user information.
In addition to the fine, the DPC has given Meta a five-month deadline to cease transferring users' data to the United States.
The record-breaking penalty comes as Meta continues to violate an EU court ruling from 2020 that invalidated an EU-US data transfer agreement.
According to a statement from the DPC, the fine surpasses the previous €746 million (AU$1.2 billion) record imposed on Amazon.com Inc by Luxembourg in 2021.
The contentious issue of where Meta stores its data has been a decade-long battle, triggered by Austrian privacy campaigner Max Schrems.
Schrems initiated a legal challenge based on concerns about US surveillance, which were brought to light by former US National Security Agency contractor Edward Snowden.
Meta promptly responded to the ruling, expressing its intention to appeal the decision, including the “unjustified and unnecessary” fine.
The company argues that the ruling establishes a dangerous precedent that could affect numerous other businesses.
Meta also plans to seek a stay of the suspension orders through the court system.
While Meta maintains its expectation that a new agreement facilitating the secure transfer of EU citizens' personal data to the United States will be fully implemented before the deadline, it had previously warned of potential service suspensions in Europe if transfers were halted.
If the new pact is implemented as anticipated, the threat of service disruptions would not materialise.
The social media giant stresses that the inability to transfer data across borders would risk fragmenting the internet into national or regional silos, a scenario it deems undesirable.
In March, the DPC revealed that EU and US officials aimed to finalise a new data protection framework, agreed upon by Brussels and Washington in March 2022, by July.
However, the European Court of Justice, Europe's highest court, had previously invalidated two data transfer agreements due to concerns about US surveillance practices.
Max Schrems, the Austrian privacy campaigner, expressed scepticism regarding Meta's reliance on the new deal as a long-term solution.
He stated; “In my view, the new deal has maybe a 10 percent chance of not being killed by the CJEU (EU Court of Justice)”.
Schrems believes that unless US surveillance laws are rectified, Meta will likely be required to store EU data within the EU.
The DPC, being the primary EU regulator for many of the world's leading technology companies due to their European headquarters' location in Ireland, warned that the suspension order could set a precedent for other firms.
Meta has now been fined a total of €2.5 billion (AU$4 billion) for breaching the EU's General Data Protection Regulations, which were introduced in 2018.
Initially, the DPC did not propose adding a fine to the suspension order. However, four other EU supervisory authorities disagreed, leading to the inclusion of the record-breaking fine following a ruling by the European Data Protection Board.
With more fines imposed on Meta than any other tech company, the Irish regulator currently has ten additional ongoing investigations into the social media conglomerate's various platforms.