The European Union on Monday ordered the transfer of user data across the Atlantic to stop by October and imposed a $1.3 billion privacy fine.
The 1.2 billion euros sum is the highest since the EU’s stringent data protection rules came into force five years ago, and tops the €746 million fine Amazon imposed for data breaches in 2021.
Meta, which had previously warned that its services to European users could be suspended, promised to appeal and ask the court to immediately suspend the ruling.
In 2013, Austrian lawyer and privacy activist Max Schrems complained about Facebook’s handling of his data after former National Security Agency employee Edward Snowden’s revelations of electronic surveillance by the United States.
This included revelations that Facebook had given US agencies access to personal data of Europeans.
A data transfer known as the Privacy Shield was rejected by the EU’s Supreme Court in 2020 on the grounds that it did not do enough to protect its residents from the the U.S. government’s electronic prying.
Brussels and Washington signed an agreement last year to revise the Privacy Shield that could be used by Meta, pending a decision by European authorities on whether the agreement adequately protects privacy.
EU institutions are reviewing the pact, and EU lawmakers this month called for improvements that the safeguards were not strong enough.
The Irish Data Protection Commission has fined Silicon Valley tech giant Meta as its lead data protection authority in 27-nation bloc because its European headquarters are in Dublin.
Irish regulators have announced they have given Meta five months to stop transferring European user data to the United States and six months to bring its data operations into compliance by ceasing the unlawful processing personal data of European users submitted in violation of the EU privacy rules.
And a new privacy agreement may not mean the end of Meta’s troubles, as it could well be overturned by the EU Supreme Court, Max Schrems said.
Meta warned in its latest earnings report that without a legal basis for the data transfer, the company would be forced to cease offering its products and services in Europe. will have a material adverse effect on operating results.
If the social media company were forced to stop sending user data across the Atlantic, it could face a costly and complex restructuring.