Meta has been fined €1.2 billion [$AUD1.9 billion] due to the transfer of user data between the EU and US, with future data transfers being suspended in five months.
The Data Protection Commission (DPC) found that the transfers linked with Facebook were in breach of the General Data Protection Regulation (GDPR) which ensures appropriate protection of user data from the EU to other countries.
Some peer regulators within the EU objected that an administrative fine was necessary or that the company should take action for the data already unlawfully transferred to the US.
The decision was referred to the European Data Protection Board (EDPB) due to consensus not being reached with their decision being adopted by the DPC.
Along with an administrative fine of €1.2 billion [$AUD1.9 billion] and suspension of data transfers in five months Meta Ireland is required to cease the unlawful storage of EU user data in the US within six months.
Meta’s spokesperson said that without the ability to transfer data between countries, many people would be unable to access shared services.
“Without the ability to transfer data across borders, the internet risks being carved up into national and regional silos,” they said.
In 2020, the Court of Justice of the European Union (CJEU) invalidated the EU-US Privacy Shield that acted as the framework for data transfer, but continued with the Standard Contractual Clause (SCCs).
The DPC found that the updated SCCs and Meta Ireland’s supplementary measures “did not address the risks to the fundamental rights and freedoms of data subjects” that the 2020 judgement identified.
Meta said there won’t be any immediate disruption to Facebook.
“We intend to appeal both the decision’s substance and its orders including the fine, and will seek a stay through the courts to pause the implementation deadlines,” they said.
Photo: Facebook Logo by Pixabay is available HERE and used under a Creative Commons License. The image has not been modified.