Personal data: Meta receives a record fine in Europe of 1.2 billion euros

Meta is fined a record 1.2 billion euros by the Irish regulator for breaching European data protection rules (GDPR) with its social network Facebook, amid fears over US surveillance programs.

Meta, which intends to appeal, is condemned for having “continued to transfer personal data” of users from the European Economic Area to the United States in violation of European rules, indicated in its decision the Irish Commission for the protection (DPC), acting on behalf of the EU.

Meta must also “suspend any transfer of personal data to the United States within five months” and must comply with the GDPR within six months, added the DPC.

This sanction, the highest imposed by a data protection regulator in Europe, stems from an investigation launched in 2020.

Meta calls the fine “unjustified and unnecessary” and will seek legal action to have it suspended.

“Thousands of companies and organizations rely on the possibility of transferring data between the EU and the United States,” the Californian giant continues in a statement.

However, there is “no immediate disruption of Facebook”, specifies the company, which hopes to see the United States and the European Union adopt during the summer a new legal framework for the transfer of personal data, in the stride of an agreement in principle last year.

– “Mass surveillance” –

The two devices previously put in place to allow companies to transfer this data from Europeans to the United States had been invalidated by European justice due to fears of surveillance by American services – the last, “”, during a decision in 2020.

Since then, “European and American organizations and companies of all sizes have found themselves without clear guidelines for transatlantic data transfers”, criticizes CCIA Europe, which represents the interests of the information technology industries.

The sanction proclaimed Monday “makes it illegal, in fact, the operation of the Internet,” she said.

The privacy association noyb, which has initiated numerous proceedings against American technology giants in Europe, speaks of a “serious blow to Meta”.

“Since Edward Snowden’s revelations of big US tech companies aiding the NSA’s (National Security Agency) mass surveillance apparatus, Facebook – now Meta – has come under fire. “A dispute in Ireland”, continues the association in a press release.

The penalty “could have been much higher, given that the maximum fine is over 4 billion and that Meta knowingly broke the law to generate profits for ten years”, underlines the founder of noyb, the Austrian Max Schrems , adding that similar decisions could also affect other major players in the sector “such as Amazon, Google or Microsoft”.

– “Strong signal” –

This is the fourth fine imposed on Meta in the EU in six months.

The Irish Data Protection Authority has jurisdiction to act on behalf of the EU because Meta’s European headquarters are in Ireland, like those of many Silicon Valley giants. Their presence is crucial for the country’s economy, and Dublin offers them an attractive tax system.

However, the EDPB (European Data Protection Board) has the last word on this in Europe.

Meta’s violations of the GDPR “are very serious since they are systematic, repetitive and continuous transfers”, reacted in a press release Andrea Jelinek, president of the EDPB, who in this case forced the DPC to impose a fine.

This is “a strong signal to organizations that serious breaches have serious consequences”, she added.

In January, the DPC had already heavily sanctioned the group to the tune of 400 million euros for offenses on the use of personal data for advertising purposes targeting its Facebook, Instagram and WhatsApp applications, then in March, to 5.5 million euros for violating the GDPR with his WhatsApp message.

Since then, Meta has committed to changing its terms of use in Europe.

These sanctions come in a context of strengthening controls and judicial procedures in the European Union, but also in the United States, against GAFA (Google, Amazon, Facebook and Apple), and the measures recently taken against the Chinese giant TikTok.

In 2021, Amazon had notably suffered a fine of 746 million euros in Luxembourg.