European privacy regulators penalized Meta a record 1.2 billion euros ($1.3 billion) for sending customer data from the EU to the US.
The ruling is related to a dispute made by Austrian privacy advocate Max Schrems, who claimed that the framework for sending data from EU citizens to the US did not shield Europeans from American monitoring.
There have been disagreements over a number of legal means of transferring personal data between the US and the EU. The European Court of Justice, the highest court in the EU, invalidated the most recent version of this, the Privacy Shield, in 2020.
The corporation allegedly violated the EU’s General Data Protection Regulation by sending the personal information of European people to the US despite a 2020 European court decision, according to the Irish Data Protection Commission, which is in charge of Meta’s operations in the EU.
The landmark GDPR data privacy law of the EU regulates businesses operating inside the region. It becomes effective in 2018.
Meta transferred personal data within and outside of the EU through a technique known as standard contractual clauses. No European Union court prohibited this. The European Commission, the EU’s executive body, accepted the terms together with other controls put in place by Meta, according to the Irish data watchdog. These arrangements, according to the regulator, “did not address the risks to the fundamental rights and freedoms of data subjects that were identified” by the European Court of Justice.
Additionally, Meta received a directive from Ireland’s Data Protection Commission to “suspend any future transfer of personal data to the US within the period of five months” following the ruling.
The 1.2-billion-euro penalty for Meta is the biggest sanction ever imposed on a firm for violating GDPR. The previous biggest fine was a 746-million-euro penalty imposed on e-commerce behemoth Amazon in 2021 for GDPR infringement.