Meta faces ‘unprecedented’ $1.3 billion EU fine for data transfers: ‘Serious breaches have far-reaching consequences’

After a lengthy investigation, Ireland’s Data Protection Commission has announced a $1.3 billion meta-EU fine over allegedly unlawful data transfers. Photo credit: Dima Solomin

Ireland’s Data Protection Commissionon (DPC) has officially imposed a record fine of 1.2 billion euros on Facebook and Instagram parent company Meta ($1.30 billion at the current exchange rate) for allegedly unlawful user data transfers.

The EU’s European Data Protection Board (EDPB) today confirmed what it says is “the biggest GDPR “It’s all fine,” after he forced the DPC to fine Meta with a binding order last month. For background, the same Dublin-based government agency launched the full investigation in August 2020 after filing a complaint against Menlo Park-headquartered Meta for transferring EU citizens’ Facebook user data to the US

(Today’s fine should not be confused with the comparatively modest €390 million/$421.67 million the DPC fined Meta in January for alleged personalized ad practices that violate the EU’s General Data Protection Regulation.)

After a “comprehensive investigation”, the DPC found in July 2022 that the transfers in question had breached Article 46 of the aforementioned GDPR or the section of the extensive law on “appropriate safeguards” for the “transfer” of (of) personal data to a third country or an international organization.”

Article 60 of the GDPR instructs the “lead supervisory authority” (in this case Ireland’s DPC) to “work with the other supervisory authorities concerned to reach a consensus”. Although these other authorities agreed that Meta should be made to stop broadcasting, four of the 47 companies involved disagreed with the DPC’s preliminary decision not to fine it.

This time, in accordance with Article 65 of the GDPR (“Dispute Resolution by the Board”), the matter was referred to the European Data Protection Board, which issued the aforementioned binding decision last month.

Since the Irish DPC was required by law to make its own final decision “on the basis” of the panel’s findings, it then settled on the $1.3 billion fine, giving Meta five months to complete the submission of States to stop user data, giving the company a six-month deadline to “harmonize its processing operations”. It goes without saying that the severity of the penalty should be kept in mind as the EU pursues different investigations in and around the music sector.

EDSA Chair Andrea Jelinek responded to the fine in a statement communicates partly: “Facebook has millions of users in Europe, so the amount of personal data transferred is enormous.” The unprecedented fine is a strong signal for organizations that serious violations have far-reaching consequences.”

In early May, the Italian Society of Authors and Publishers (SIAE) returned to Instagram and Facebook, despite the ongoing licensing dispute between the organization and Meta. And in the US, a week ago, the Federal Trade Commission proposed a blanket ban on Meta monetizing data from underage users.

Notwithstanding these and other less-encouraging points, the price of Meta stock (NASDAQ:META) has roughly doubled since the start of 2023; At the time of writing, shares are hovering around $250 a share.