The EU fined Facebook 1.3 billion euros for transferring data of EU users to the US


The EU regulatory body, the Irish Data Protection Commission (DPC), has fined Facebook’s parent company Meta a record €1.2 billion for transferring personal data of EU users to the US, by which the company violated Article 46(1) of the General Data Protection Regulation (GDPR).

Article 46(1) of the GDPR prohibits the transfer of personal data to countries or international organizations that lack safeguards that guarantee data security. Facebook violated this article of the GDPR by transferring user data from the EU to the US, where data protection regulations vary from country to country and are considered inadequate to protect the rights of data subjects in the EU.

The fine came after Meta continued to transfer user data from the EU following a 2020 EU court ruling that invalidated the 2016 EU-US Privacy Shield Agreement. That agreement allowed US companies on the list that forms part of the agreement to keep the data of users from the EU.

In a binding decision by the European Data Protection Board (EDPB), Meta was ordered to bring its data transfers into line with the GDPR and delete unlawfully transferred, stored and processed data within six months.

In addition, Meta was ordered to stop all transmission of Facebook user data within five months. Instagram and WhatsApp, which are also owned by the company, are not subject to the order.

“The EDPB has determined that the violation of rights is very serious because it concerns transfers that are systematic, repetitive and continuous,” said Andrea Jelinek, chairwoman of the EDPB, in a statement. “Facebook has millions of users in Europe, so the volume of personal data transferred is huge. The unprecedented fine is a strong signal to organizations that serious violations have far-reaching consequences.”

European data protection agencies have repeatedly highlighted the lack of equivalent privacy protections to GDPR in the US, potentially allowing US intelligence services to access data of Europeans sent to servers located in the US.

The DPC’s ruling was the result of a complaint filed nearly a decade ago, in June 2013, by Austrian privacy activist Maximilian Schrems over concerns that user data was not sufficiently protected from US mass surveillance programs exposed by whistleblower and former employee of the US National Security Agency, Edward Snowden.

“The simplest solution would be reasonable restrictions in American surveillance law,” Schrems said. “It would be time to give these basic protections to EU users of US cloud providers. Any major US cloud provider, such as Amazon, Google or Microsoft, could be hit by a similar decision under EU law.” “Unless US surveillance laws are fixed, Meta will likely have to keep EU data in the EU,” Schrems added.

Meta said it intends to appeal the ruling, including the “unwarranted and unnecessary penalty that sets a dangerous precedent for countless other companies.” The company also announced that it will seek a postponement of the order to stop data transmission through the courts.

“Without the ability to transfer data across borders, the Internet risks being divided into national and regional silos, constraining the global economy and leaving citizens in different countries unable to access many of the shared services we’ve come to rely on,” Meta said.

Last year, the company warned that if it was ordered to halt data transfers to the US, it might have to stop offering “a number of its most significant products and services” in the EU.

“This is not about one company’s privacy practices – there is a fundamental conflict of law between the US government’s data access rules and European privacy rights, which policymakers are expected to resolve this summer,” Meta explained.

Namely, it is expected that the new transatlantic agreement on secure data transfer will be finalized during this year, and Meta hopes that this agreement will be fully implemented before it has to suspend data transfer, which could leave users from the EU without Facebook.

This fine is the largest ever imposed under the GDPR, and surpasses the €746 million fine imposed on Amazon in July 2021 for similar privacy violations.

This is the third fine the DPC has imposed on Meta this year. In January, Meta was fined 390 million euros for inadequate handling of user information for the purpose of displaying ads on Facebook and Instagram.

Two weeks later, the DPC fined WhatsApp, which is also owned by Meta, €5.5 million for violating data protection laws by forcing users to “consent to the processing of their personal data to improve services and security” and requiring users to agree to updated terms of service so they can continue using WhatsApp.

Photo: David Sokolowski / Unsplash
