The European Union has imposed a record privacy fine of $1.3bn on Meta (formerly Facebook) and ordered it to stop transferring user data across the Atlantic by October. This marks the latest development in a decade-long case sparked by concerns around US cybersnooping. The penalty of €1.2bn is the largest handed to a firm since the EU’s data privacy regime was introduced five years ago. Meta has vowed to appeal and request that the decision be put on hold by the courts. It has also warned that its services for European users could be curtailed.
The legal battle between Max Schrems and social media giant Meta traces back to 2013, when Schrems, a privacy activist, filed a complaint about Facebook’s handling of his data in the wake of revelations about electronic surveillance by US security agencies. Schrems’ complaint highlighted the differences between Europe’s strict data privacy regime and the comparatively lax US approach, which lacks a federal privacy law. The EU has become a global leader in regulating Big Tech and protecting users’ personal information through a series of regulations.
An agreement covering EU-U.S. data transfers known as the Privacy Shield was struck down in 2020 by the EU’s top court, which said it didn’t do enough to protect residents from the U.S. government’s electronic prying. Monday’s decision confirmed that another tool to govern data transfers — stock legal contracts — was also invalid.
Brussels and Washington signed a deal last year on a reworked Privacy Shield that Meta could use, but the pact is awaiting a decision from European officials on whether it adequately protects data privacy.
The European Union (EU) institutions have been examining Meta’s data transfer agreement, with the bloc’s lawmakers calling for stronger safeguards. As Meta’s European headquarters is based in Dublin, the Irish Data Protection Commission fined the company because it is the lead regulator for the company’s privacy practices in the EU. The Commission granted Meta five months to stop sending European user data to the US and six months to bring its data operations in line with the EU’s privacy rules by halting the unlawful processing and storage of European users’ personal data transferred in violation of these rules.
Meta has stated that if the new transatlantic privacy agreement comes into effect before the deadlines set by the Irish Data Protection Commission, there will be no interruption or impact for its users. However, privacy activist Max Schrems doubts that Meta will be able to have the decision materially overturned, and has suggested that a new privacy agreement could be struck down by the EU’s top court. In its most recent earnings report, Meta warned that its business, financial condition, and results of operations could be materially and adversely impacted if it is forced to stop offering products and services in Europe. Other social media companies, such as TikTok, are also facing pressure over their data practices.