An Irish watchdog, the Data Protection Commission (DPC), fined Facebook’s parent company Meta a record €1.2 billion for unlawfully forwarding user data to the United States. The fine tops the previous highest fine from the DPC that Amazon received in 2021.
According to the Irish Data Protection Commission (DPC), Meta, which has its European headquarters in Dublin, did not adequately address “risks to the fundamental rights and freedoms of data subjects.”
The decision states that Meta’s practices to date were in breach of the General Data Protection Regulation (GDPR) and ordered Meta Ireland — the headquarters of the company’s European operations — to “suspend any future transfer of personal data to the U.S. within the period of five months.” According to the DPC decision, Meta will have six months to stop the unlawful processing and storage of personal data of European citizens in the United States.
However, the decision published on Monday only applies to Facebook and not to other services operated by Meta, such as Instagram and WhatsApp.
In response, two Meta officials, Nick Clegg, Meta president of global affairs, and Jennifer Newstead, Meta chief legal officer, expressed their disappointment in a blog entry, saying the ruling unjustly singled out Meta from thousands of companies using the same data handling protocols.
“This decision is flawed, unjustified and sets a dangerous precedent for the countless other companies transferring data between the EU and U.S.,” they wrote.
They added that Meta intends “to appeal both the decision’s substance and its orders including the fine, and will seek a stay through the courts to pause the implementation deadlines.”
