How Africa News
According to an announcement made by Ireland’s regulator on Monday, Facebook owner Meta has been fined a record-breaking 1.2 billion euros ($1.3 billion) for violating a previous court order by sending EU user data to the US.
The European Data Protection Board (EDPB), which represents the European Union, instructed the Irish Data Protection Commission (DPC) to levy “an administrative fine in the amount of 1.2 billion euros.”
Since 2020, the DPC has been looking into Meta Ireland’s transfer of personal data from the EU to the US.
It was determined that Meta, which has its European headquarters in Dublin, had neglected to “address the risks to the fundamental rights and freedoms of data subjects” as they had been noted in a prior decision by the Court of Justice of the European Union (CJEU).
The CJEU interprets EU law to make sure it is applied in the same way in all member states.
In response, Meta said it was “disappointed to have been singled out” and the ruling was “flawed, unjustified and sets a dangerous precedent for the countless other companies”.
“We intend to appeal both the decision’s substance and its orders including the fine, and will seek a stay through the courts to pause the implementation deadlines,” Meta president of global affairs Nick Clegg and chief legal officer Jennifer Newstead said in a blog post.
“There is no immediate disruption to Facebook in Europe,” they added.
Meta said it hopes to see the US and EU adopt a new legal framework for the use of personal data in the coming months, following an agreement in principle last year, which could allow it to continue its data transfer practices.
Fourth Fine
Due to data breaches involving its Instagram, WhatsApp, and Facebook services, EU regulators have fined Meta four times in the last six months and three times this year.
The social media behemoth was hit with a 390 million euro fine by the DPC in January for violating data protection laws when it used tailored advertising on its apps.
Due to its use of WhatsApp for communications, Meta was ordered to pay 5.5 million euros in March for violating the GDPR.
In Luxembourg in 2021, online retailer Amazon was fined 746 million euros for violating the EU’s General Data Protection Regulation (GDPR).
According to the DPC, a fine in this case “would exceed the extent of powers that could be described as being ‘appropriate, proportionate, and necessary'”. Instead, the DPC sought to compel Meta to stop the unlawful data transfers.
The DPC stated that its counterpart regulators in the EU, referred to as Concerned Supervisory Authorities (CSAs), disagreed and thought it ought to be “subject to an administrative fine.”
Without any chance of agreement, the Irish body sent the complaints to the EDPB, which decided that Meta Ireland must stop all future data transfers to the US and pay a fine.
‘Strong Signal’
Clegg and Newstead said the EDPB decision to overrule the DPC “raises serious questions”.
“No country has done more than the US to align with European rules via their latest reforms, while transfers continue largely unchallenged to countries such as China,” they added.
But EDPB chair Andrea Jelinek characterised Meta’s infringement as “very serious” and called its data transfers “systematic, repetitive and continuous”.
“The unprecedented fine is a strong signal to organisations that serious infringements have far-reaching consequences,” she added.
Privacy activist Max Schrems, who set off a decade of legal battles with his challenge against Meta over the movement of EU data to the United States, welcomed the decision.
“Ever since Edward Snowden’s revelations on US big tech aiding the (National Security Agency) mass surveillance apparatus, Facebook (now Meta) was subject to litigation in Ireland,” said his organisation, the European Centre for Digital Rights.
But Schrems said far harsher sanctions could have been used as Meta had “knowingly broken the law to make a profit”.
“It took us 10 years of litigation against the Irish DPC to get to this result… and risked millions of procedural costs,” he added.
“The Irish regulator has done everything to avoid this decision,” he added.
