Meta, the parent company of Facebook, has been hit with a hefty €1.2 billion fine from the Data Protection Commission (DPC) after a three-year investigation. The DPC determined that Meta had breached GDPR (General Data Protection Regulation) rules when it transferred data of Facebook users to its US servers from Europe.
In response, Meta’s president of global affairs and chief legal officer Jennifer Newstead voiced her dissatisfaction: “We are … disappointed to have been singled out when using the same legal mechanism as thousands of other companies looking to provide services in Europe. This decision is flawed, unjustified and sets a dangerous precedent for the countless other companies transferring data between the EU and US.” She also pointed out that the US has gone to great lengths to align itself with European rules, while other countries such as China have not been held to the same standard.
The fine has been called a “real landmark moment”, as it is the largest sum ever imposed by a European regulator. Addleshaw Goddard’s head of data protection David Hackett noted that the corrective actions imposed on Meta may prove to be a bigger headache for the company than the fine itself. He said that the regulator has given Meta five months to suspend EU-US data flows and six months to bring its data processing operations into compliance with GDPR.
This record fine has shaken the tech industry and serves as a warning to other companies to adhere to data protection regulations. It has established the precedent that violations of GDPR will not be tolerated, and the repercussions can be severe. Meta and other companies must be more vigilant to protect user data and ensure they are compliant with all applicable laws.