Ireland imposes a 1.2 billion Euros penalty on Meta for sharing data illegally
Ireland’s Data Protection Authority imposed a huge fine of 1.2 billion Euros on Meta Platforms Ireland Limited for breaching data.
This is in reference to the binding decision by the EDPB on a dispute between the IE SA and several other CSAs regarding the IE SA’s draft decision on an inquiry into Meta IE’s transfers of personal data to the U.S. using SCCs for its Facebook service.
The inquiry was triggered by a CJEU judgment that invalidated the Privacy Shield and questioned the validity of SCCs. The inquiry examined the lawfulness of Meta IE’s data transfers and the corrective measures to be taken, Mettis Global reported today.
The fine is the largest ever imposed under the EU data protection law. Meta IE was found to have transferred the personal data of millions of European users to the U.S. without adequate safeguards since July 2020.
The company has six months to stop the unlawful processing and storage of data in the U.S. The fine follows a binding decision by the European Data Protection Board (EDPB) in April 2023.
Andrea Jelinek, EDPB Chair, said: “The EDPB found that Meta IE’s infringement is very serious since it concerns transfers that are systematic, repetitive, and continuous.
Adding that Facebook has millions of users in Europe, the volume of personal data transferred is massive. The unprecedented fine strongly signals organisations that serious infringements have far-reaching consequences.
Meta has also been ordered to cease the processing of personal data of European users in the United States within six months.
Meta said it would appeal the ruling, including the fine, stating that there would be no immediate disruption to Facebook in Europe.
The company said the root of the issue stemmed from a “conflict of law” between US rules on access to data and the privacy rights of Europeans.