Meta fined €1.2 billion for breaching EU data protection rules

Ireland’s Data Protection Commission has fined Meta €1.2 billion and ordered the company to stop transferring Facebook user data to the United States in a major ruling handed down on Monday.

In its ruling, the Commission said that Meta failed to comply with a 2020 decision that data transferred from the EU to the United States is not subject to the same data protection levels in the United States, compared to the protection offered by the EU.

Monday’s ruling, one of the most consequential since the EU implemented its General Data Protection Regulation, comes with a five-month grace period with an opportunity to appeal.

Meta has already announced that it will appeal the decision and insisted that the decision will not disrupt its services in the EU.

Meta owns Facebook, Instagram and WhatsApp, but the ruling will only apply to Facebook data.

This ruling comes as EU and American officials are renegotiating a data-sharing pact that will allow Meta to move information about users across the Atlantic.

Back in 2020, an Austrian privacy activist Max Schrems challenged the EU’s data-sharing pact with the US called the EU-US Privacy Shield after whistleblower Edward Snowden revealed in 2013 that US intelligence agencies use surveillance programs to access the personal data of Europeans.

Schrems filed the complaint against Facebook Ireland before the Irish Data Protection Commissioner arguing that his personal data, and any other user’s personal data, should not be sent from Facebook Ireland to its US parent company Facebook Inc since it has to grant the US National Security Agency access to such data.