Record fine of 1.2 billion € to be paid by Meta for transferring European data to the USA

The European Union today imposed a record fine of 1.3 billion euros on Meta, Facebook's parent company, for privacy violations and ordered the company to stop transferring users' personal information across the Atlantic by October, CNBC reports.

The decision is related to a case brought by Austrian privacy advocate Max Schrems, who argued that the mechanism for transferring EU citizens' data to the United States does not protect Europeans from USA surveillance.

Several mechanisms for the legal transfer of personal data between the USA and the EU have been challenged. The last such mechanism, the Privacy Shield, was struck down by the European Court of Justice, the EU's highest court, in 2020.

The Irish Data Protection Commission, which oversees Meta's activities in the EU, claimed that the company violated the General Data Protection Regulation (GDPR) when it continued to send personal data of European citizens to the United States despite a 2020 European Court of Justice ruling.

Target used a mechanism called "standard contractual clauses" to transfer personal data to and from the EU. This has not been blocked by any EU court. The Irish data protection supervisory authority stated that these provisions were approved by the European Commission, the EU's executive body, along with other measures implemented by Meta.

However, the regulator said that these measures "do not take into account the risks to the fundamental rights and freedoms of data subjects that have been identified" by the European court.

The Irish Data Protection Commission also ordered Meta to «suspend any future transfer of personal data to the United States for a period of five months» from the date of the decision.

This fine is the largest since the EU's strict data privacy regime came into effect five years ago. It is almost double the €746 million fine Amazon received in 2021 for data protection violations.

Meta, which had previously warned that services for its users in Europe could be suspended, has promised to appeal and is asking the courts to immediately suspend the decision.

The company said that «there are no disruptions to Facebook's operations in Europe.» The decision concerns user data such as names, email and IP addresses, messages, browsing history, geolocation data, and other information that Meta - and other tech giants such as Google - use for targeted online advertising.