The European Union (EU) has hit Meta Platforms with a €1.2 billion penalty for allegedly violating transatlantic data transfers, the Financial Times reported on Monday.
Ireland’s Data Protection Commission (DPC) slapped the tech giant with the massive sanction — the largest such fine against any Big Tech firm in history.
The Dublin-based organisation manages and oversees the bloc’s General Data Protection Regulation (GDPR). A press release cited Meta Ireland’s alleged failure to safeguard data transfers from the EU to the United States.
Latest News: Data Protection Commission announces conclusion of inquiry into Meta Ireland https://t.co/fFcppEOCFT pic.twitter.com/tTgLMlw3sY
— Data Protection Commission Ireland (@DPCIreland) May 22, 2023
It added that data flows between the two regions relied on contractual clauses that failed to “address the risks to the fundamental rights and freedoms” of internet users.
The DPC has ordered Meta Ireland to “suspend any further transfer of personal data to the US” with a five-month deadline. Meta also has a further six months to stop processing and storing data from European citizens in the US, namely those marked as in violation of GDPR.
The EU Court of Justice previously ordered Meta to protect European users from US surveillance programmes, the report added.
Meta Response to EU Penalty
Nick Clegg, President of Global Affairs, Meta, responded, stating his company was “disappointed” to have been “singled out when using the same legal mechanism as thousands of other companies looking to provide services in Europe.”
He continued: “This decision is flawed, unjustified and sets a dangerous precedent for the countless other companies transferring data between the EU and US.”
Today’s @DPCIreland decision is not about one company’s privacy practices – there is a fundamental conflict of law between the US government’s rules on access to data & European privacy rights, which policymakers are expected to resolve in the summer. See our blog here:…
— Nick Clegg (@nickclegg) May 22, 2023
The case involved an alleged violation of Article 46(1) in the GDPR framework, where it continued transferring to the US following a major court ruling.
The case, Data Protection Commissioner v Facebook Ireland Limited and Maximillian Schrems, found that Mta Ireland “failed to address the risks to the fundamental rights and freedoms of data subjects that were identified by the CJEU in its judgment.”
Conversely, Schrems added that the fines “could have been much higher” as the maximum fines for such infractions was “more than €4 billion.”
He continued as quoted by the FT: “[Unless] US surveillance laws get fixed, Meta will have to fundamentally restructure its systems.”
Reports show that the company will likely appeal the DPC ruling while replacing its transatlantic privacy policies. This also applies to the Privacy Shield used to protect Europeans data flows.
Previously, the company slammed EU allegations it had violated GDPR, stating it had fully complied with the regulations. These were based on “Contractual Necessity” for behavioural ads, adding it would appeal the decision.
Meta also lambasted EU regulators for having a “lack of regulatory clarity” on GDPR data rules and would challenge the penalties.
Governments Crack Down on Big Tech
The news comes after global regulators have begun cracking down on Big Tech firms with a series of massive fines and penalties.
Meta recently had to pay around $725 million USD in a class action lawsuit after Californian courts sued the tech giant over the Cambridge Analytica scandal.
The case found that Meta’s Facebook platform leaked data from nearly 87 million users in 2014. Following the news, the case went to trial in 2018, marking the largest data breach in Meta’s history.
Subsequently, the US Federal Trade Commission (FTC) imposed a $5 billion USD penalty in 2019. This has led to further concerns over data privacy on Meta’s Facebook social media platform.
In the most recent scandal, EU regulators imposed a huge $414 million USD penalty on Meta Platforms over the reported GDPR violations.
Big Tech Faces Big Settlements
In January, the US Department of Justice (DoJ) filed a lawsuit against Google’s parent firm, Alphabet. A press release cited anti-competitive practices on digital advertising on its ad manager platform.
The DoJ then slammed Alphabet for alleged “anticompetitive, exclusionary, and unlawful conduct to eliminate or severely diminish any threat to its dominance over digital advertising technologies.”
Google earns around 80 percent of its revenues from advertising, and the latest lawsuit could severely hit the Mountain View-based company’s earnings. It could also impact advertising revenues on future XR devices using its services, including ARCore, used for public AR experiences.
EU regulators hit Google with a €2.42 billion fine in April over similar anticompetitive practices, triggering an outcry from the US tech giant.
EU regulators also imposed a huge $414 million USD penalty on Meta Platforms’ over alleged GDPR violations.
Additionally, Microsoft suffered from regulatory scrutiny after the FTC launched a challenge to its Activision buyout. The current lawsuit is still pending and will open for hearings in August.
The United Kingdom’s Competition and Markets Authority (CMA) also blocked the deal, despite EU officials stating it would approve the acquisition under stipulations.