Meta has been hit with an unprecedented $1.3 billion fine by the Irish Data Protection Commission for its mishandling of user data. This penalty sets a new record for privacy violations within the European Union.
The European Union had previously warned Meta about transferring Facebook users’ data to servers located in the United States. The EU expressed concerns that the data was inadequately protected against access by American intelligence agencies. In response to the violation, Meta has been instructed to halt the transfer of this data and has been granted a five-month grace period to comply. The company has announced its intention to contest the ruling through an appeal.
It is important to note that this ruling specifically applies to Facebook and does not encompass Meta’s other platforms, such as Instagram and WhatsApp.
Prior to this incident, the largest fine imposed by the EU for privacy breaches amounted to 746 million euros, imposed on Amazon in 2021 (equivalent to $807 million in 2023) for offenses related to personalized advertising.
Companies have faced uncertainty regarding data protection regulations since 2020 when the EU terminated an agreement that governed data transfers between Europe and the United States. This move was motivated by concerns that data stored in the US was vulnerable to access by security agencies. These concerns date back to 2013 when Edward Snowden disclosed the extensive surveillance activities of the National Security Agency, as reported by Bloomberg.
Last October, President Joe Biden signed an executive order that restricted the ability of American agencies to access individuals’ personal information. However, the implementation of this order still requires approval from EU lawmakers.
In response to the fine, Meta expressed disappointment at being singled out, highlighting that it had employed the same legal mechanism utilized by numerous other companies seeking to provide services in Europe. The company criticized the decision, deeming it flawed, unjustified, and a dangerous precedent for other businesses engaged in data transfers between the EU and the US.