The European Union slapped Meta with a record $1.3 billion privacy fine Monday and ordered it to stop transferring users91Ƶ personal information across the Atlantic by October, the latest salvo in a .
The penalty of 1.2 billion euros is the biggest since the EU91Ƶs strict data privacy regime took effect five years ago, surpassing in 2021 for data protection violations.
Meta, which had previously warned that services for its users in Europe could be cut off, vowed to appeal and ask courts to immediately put the decision on hold.
The company said 91Ƶthere is no immediate disruption to Facebook in Europe.91Ƶ The decision applies to user data like names, email and IP addresses, messages, viewing history, geolocation data and other information that Meta 91Ƶ and other tech giants like Google 91Ƶ use for targeted online ads.
91ƵThis decision is flawed, unjustified and sets a dangerous precedent for the countless other companies transferring data between the EU and U.S.,91Ƶ Nick Clegg, Meta91Ƶs president of global affairs, and chief legal officer Jennifer Newstead said in a statement.
It91Ƶs yet another twist in a legal battle that began in 2013 when Austrian lawyer and privacy activist Max Schrems filed a complaint about Facebook91Ƶs handling of his data following former National Security Agency contractor of electronic surveillance by U.S. security agencies. That included the disclosure that Facebook gave the agencies access to the personal data of Europeans.
The saga has highlighted the over the differences between Europe91Ƶs strict view on data privacy and the comparatively lax regime in the U.S., which lacks a federal privacy law. The EU has been a global leader in reining in the power of Big Tech with a series of regulations and protect users91Ƶ personal information.
An agreement covering EU-U.S. data transfers known as the by the EU91Ƶs top court, which said it didn91Ƶt do enough to protect residents from the U.S. government91Ƶs electronic prying. Monday91Ƶs decision confirmed that another tool to govern data transfers 91Ƶ stock legal contracts 91Ƶ was also invalid.
last year on a reworked Privacy Shield that Meta could use, but the pact is awaiting a decision from European officials on whether it adequately protects data privacy.
EU institutions have been reviewing the agreement, and the bloc91Ƶs lawmakers , saying the safeguards aren91Ƶt strong enough.
The Ireland91Ƶs Data Protection Commission handed down the fine as Meta91Ƶs lead privacy regulator in the 27-nation bloc because the Silicon Valley tech giant91Ƶs European headquarters is based in Dublin.
The Irish watchdog said it gave Meta five months to stop sending European user data to the U.S. and six months to bring its data operations into compliance 91Ƶby ceasing the unlawful processing, including storage, in the U.S.91Ƶ of European users91Ƶ personal data transferred in violation of the bloc91Ƶs privacy rules.
In other words, Meta has to erase all that data, which could be a bigger problem than the fine, said Johnny Ryan, senior fellow at the Irish Council for Civil Liberties, a nonprofit rights group that has worked on digital and data issues.
91ƵThis order to delete data is really a headache for Meta,91Ƶ Ryan said. If the company has to scrub data for hundreds of millions of European Union users going back 10 years, 91Ƶit is very hard to see how it will be able to comply with that order.91Ƶ
If a new transatlantic privacy agreement does take effect before the deadlines, 91Ƶour services can continue as they do today without any disruption or impact on users,91Ƶ Meta said.
Schrems predicted that Meta has 91Ƶno real chance91Ƶ of getting the decision materially overturned. And a new privacy pact might not mean the end of Meta91Ƶs troubles, because there91Ƶs a good chance it could be tossed out by the EU91Ƶs top court, he said.
91ƵMeta plans to rely on the new deal for transfers going forward, but this is likely not a permanent fix,91Ƶ Schrems said in a statement. 91ƵUnless U.S. surveillance laws gets fixed, Meta will likely have to keep EU data in the EU.91Ƶ
Schrems said a possible solution could be a 91Ƶfederated91Ƶ social network, where European data stays in Meta91Ƶs data centers in Europe, 91Ƶunless users for example chat with a U.S. friend.91Ƶ
Meta warned in its latest earnings report that without a legal basis for data transfers, it will be forced to stop offering its products and services in Europe, 91Ƶwhich would materially and adversely affect our business, financial condition, and results of operations.91Ƶ
The social media company might have to carry out a costly and complex revamp of its operations if it91Ƶs ultimately forced to stop the transfers. Meta has a fleet of 21 data centers, according to its website, but 17 of them are in the United States. Three others are in the European nations of Denmark, Ireland and Sweden. Another is in Singapore.
Other social media giants are facing pressure over their data practices. about the Chinese-owned short video sharing app91Ƶs potential cybersecurity risks with a $1.5 billion project to store U.S. user data on Oracle servers.
Kelvin Chan, The Associated Press
Like us on and follow us on .