European Union data protection regulators have imposed a historic $1.3 billion fine on Meta, the parent company of Facebook. The fine comes as a result of Meta’s violation of data transfer regulations by improperly transferring users’ personal data from the EU to the United States. The European Data Protection Board (EDPB) has issued a decisive ruling, demanding that Meta align its data transfers with the General Data Protection Regulation (GDPR) and delete unlawfully stored and processed data within six months
Furthermore, Meta must cease transferring Facebook users’ data to the United States for a period of five months. It’s important to note that Instagram and WhatsApp, also owned by Meta, remain unaffected by this directive.
EDPB Chair Andrea Jelinek highlighted the seriousness of Meta’s actions, stating, “The EDPB found that Meta IE’s infringement is very serious since it concerns systematic, repetitive, and continuous transfers. With millions of users in Europe, Facebook’s transfer of vast amounts of personal data is significant. This unprecedented fine sends a strong message to organizations about the far-reaching consequences of severe infringements.”
European data protection authorities expressed concerns about the lack of privacy protections in the United States compared to the GDPR. This raises the possibility that American intelligence agencies can access European data when it resides on servers in the U.S.
A legal complaint filed by Austrian privacy activist Maximilian Schrems, who founded NOYB almost a decade ago in June 2013, triggers the ruling. The complaint highlights concerns that U.S. mass surveillance programs pose a threat to the adequate protection of European user data during its transfer across the Atlantic.
Schrems proposes a simple solution: impose reasonable limitations on U.S. surveillance laws. He believes that both sides of the Atlantic acknowledge the importance of requiring probable cause and judicial approval for surveillance. Schrems argues that EU customers of major U.S. cloud providers like Amazon, Google, and Microsoft should also enjoy these fundamental protections. He predicts that EU law may lead to similar decisions against other major U.S. cloud providers.
Last year, Meta warned that it might have to halt certain significant products and services in the EU if ordered to suspend transfers to the U.S. A new trans-Atlantic data transfer agreement is expected to finalize later this year as a replacement for the Privacy Shield.
Story credit
Related stories:
