Meta (formerly Facebook) slapped with record €1.2 Billion fine for breaching EU user data transfer rules

The fine, ordered by the European Data Protection Board (EDPB) on behalf of the EU, comes as a result of Meta's failure to address the risks to users' fundamental rights and freedoms, as previously highlighted by a ruling from the Court of Justice of the European Union (CJEU), reported AFP.

The investigation into Meta Ireland's data transfers, which began in 2020, revealed a breach of EU data protection regulations.

The DPC, acting as the EU representative, found that Meta, headquartered in Dublin, had disregarded the concerns raised by the CJEU ruling. The CJEU serves as the authoritative body responsible for interpreting and ensuring consistent application of EU law across member states.

Meta responded to the fine by expressing disappointment at being singled out and criticizing the ruling as flawed, unjustified, and potentially setting a dangerous precedent.

The company's President of Global Affairs, Nick Clegg, and Chief Legal Officer, Jennifer Newstead, stated in a blog post that they intended to appeal the decision, including the fine, seeking a stay through the courts to pause the implementation deadlines.

They reassured users that there would be no immediate disruption to Facebook's services in Europe.

Initially, the DPC aimed to force Meta to suspend the data transfers, questioning the appropriateness of a fine exceeding its powers.

However, the Concerned Supervisory Authorities (CSAs), comprising peer regulators from EU member states, disagreed. Consequently, the DPC referred the matter to the EDPB, which ultimately ruled in favor of suspending future data transfers to the United States and imposing the hefty fine.

Clegg and Newstead expressed concerns about the EDPB's decision, suggesting that it raised serious questions. They argued that the US had made significant efforts to align with European rules through recent reforms, while data transfers to other countries, such as China, continued without similar scrutiny.

This latest fine adds to the growing list of penalties imposed on Meta by EU regulators for data breaches involving its platforms, including Instagram, WhatsApp, and Facebook. It marks the third fine Meta has received in the EU this year and the fourth within the past six months.

Last year, Amazon faced a substantial fine of €746 million in Luxembourg for violating the EU's General Data Protection Regulation (GDPR).

Despite the fine, Meta's operations in Europe remain unaffected for the time being. The company's legal battle against the decision is expected to unfold through the appeals process.