Meta hit with a record $1.3B fine after mishandling user data

Share

Meta has been slapped with a staggering $1.3 billion fine following its mishandling of user information and its continued transfer of data to the United States despite a 2020 EU court ruling that invalidated an EU-U.S. data transfer agreement. 

The tech giant was fined by Ireland’s Data Protection Commissioner (DPC), the leading EU privacy regulator. The dispute began when Austrian privacy advocate Max Schrems raised concerns about the risk of U.S. surveillance. 

This in turn led to the invalidation of previous EU-U.S. data transfer pacts by the European Court of Justice over fears of inadequate privacy protections. 

The DPC’s $1.3 billion penalty surpasses the previous privacy fine of 746 million euros imposed on Amazon in 2021. 

In response, Meta expressed dissatisfaction with the “unjustified and unnecessary” penalty and plans to appeal the ruling. The company argues that the decision sets a concerning precedent for numerous other businesses in regard to data mangement and plans to seek legal intervention to suspend the enforcement orders. 

Meta expects a new data transfer agreement to be implemented before the suspension, preventing a potential halt in Facebook services in Europe. The company highlights concerns about internet fragmentation if cross-border data transfers are limited. 

EU and U.S. officials are working to establish a new data protection framework following the European Court of Justice’s invalidation of previous data transfer agreements due to concerns about U.S. surveillance practices.  

However, privacy advocate Max Schrems doubts the effectiveness of the proposed agreement, suggesting that Meta may need to store EU user data within the EU unless U.S. surveillance laws undergo significant changes. 

In addition to the substantial fine of 2.5 billion euros for GDPR violations, Meta is facing 10 ongoing investigations into its social media platforms.  

The outcome of Meta’s appeal and the future of data transfers between the EU and the U.S. will have far-reaching implications for privacy and data protection in the tech industry.