The European Union has slapped Meta’s business in Ireland with a record fine of $1.3 billion for transferring the personal data of Facebook users to the U.S. in breach of the General Data Protection Regulation, or European Union law on data protection and privacy.
Following a binding dispute resolution process, Meta, formerly known as Facebook, was ordered to bring its data transfers into compliance with the GDPR, and to pay a record fine imposed by the European Data Protection Board.
That calls for an end within six months to the unlawful processing, including storage, in the U.S. of personal data of European users.
“The EDPB found that Meta IE’s infringement is very serious since it concerns transfers that are systematic, repetitive and continuous. Facebook has millions of users in Europe, so the volume of personal data transferred is massive. The unprecedented fine is a strong signal to organisations that serious infringements have far-reaching consequences,” Andrea Jelinek, EDPB chair, said in a statement.
GDPR regulations disallow transfers of personal data to so-called third countries, or in Facebook’s case, the U.S. market, without ensuring the personal information of users is properly protected.
The EU’s Data Protection Commission, in its final decision over Meta’s cross-border transfers of personal information, ruled “U.S. law does not provide a level of protection that measures up to that provided by EU law,” and that Meta’s Irish division “does not have in place supplemental measures which compensate for the inadequate protection provided by U.S. law.”