Meta President of Global Affairs Nick Clegg (Photo by KENZO TRIBOUILLARD/AFP via Getty Images)
Meta has been hit with a €1.2 billion—$1.3 billion—fine by the European Union following a decision by the Irish Data Protection Commissioner (DPC) that said the Facebook parent company has been transferring data to the U.S. unlawfully.
The penalty is the largest ever to be imposed for breaches of the General Data Protection Regulation, and relates to Meta’s transfers of personal data to the U.S. on the basis of standard contractual clauses (SCCs) since July 16, 2020.
The decision relates to Meta’s behavior following a decision from the Court of Justice of the European Union (CJEU) in a case brought by campaigner Max Schrems following whistleblower Edward Snowden’s revelations that U.S. authorities were accessing data from social media.
Using SCCs to facilitate data transfers, say the DPC and the European Data Protection Board (EDPB), fails to adequately protect European personal data.
“The EDPB found that Meta IE’s infringement is very serious since it concerns transfers that are systematic, repetitive and continuous,” says Andrea Jelinek, chair of the EDPB.
“Facebook has millions of users in Europe, so the volume of personal data transferred is massive. The unprecedented fine is a strong signal to organizations that serious infringements have far-reaching consequences.”
The fine is the third to be imposed on Meta this year alone, with the company having already been slapped with penalties of hundreds of millions of euros.
Alongside the fine, Meta has been ordered to bring its practices into line with GDPR by halting the unlawful data processing, including storage in the U.S., within five months. The decision throws EU-U.S. data transfers into a state of uncertainty.
Last fall, President Biden signed an executive order aimed at introducing new data protection safeguards for European citizens, but this new Data Privacy Framework (DPF) still needs to be finalized.
The Computer & Communications Industry Association (CCIA) is calling for a speedy resolution.
“To keep data flowing between the U.S. and EU, and to preserve the strength of our mutually beneficial trading relationship, prompt implementation of President Biden’s executive order is vital,” says CCIA president Matt Schruers.
“We look forward to the U.S. administration swiftly completing the implementation of all privacy safeguards and redress mechanisms that the executive order seeks to introduce.”
Meta says it’s only using the same mechanisms as other U.S. firms, and that the new privacy framework should come into operation soon.
Schrems believes, however, that the new deal will also fail, having already come in for harsh criticism from the European Parliament.
“The simplest fix would be reasonable limitations in U.S. surveillance law. There is an understanding on both sides of the Atlantic that we need probable cause and judicial approval of surveillance,” he says.
“It would be time to grant these basic protections to EU customers of U.S. cloud providers. Any other big U.S. cloud provider, such as Amazon, Google or Microsoft could be hit with a similar decision under EU law.”
Meta says it is appealing the decision and is seeking a stay on implementation deadlines. And, say Nick Clegg, president of global affairs, and chief legal officer Jennifer Newstead, “This decision is flawed, unjustified and sets a dangerous precedent for the countless other companies transferring data between the EU and U.S.”
Stay connected with us on social media platform for instant update click here to join our Twitter, & Facebook
We are now on Telegram. Click here to join our channel (@TechiUpdate) and stay updated with the latest Technology headlines.
For all the latest Technology News Click Here
