Meta Platforms Inc. is grappling with a landmark 1.2 billion euro ($1.3 billion) penalty imposed by its principal European Union privacy watchdog. The punitive measure, due to the company's controversial handling of user data, also mandates a halt on transferring user data to the United States within five months.
This action, taken by the Data Protection Commissioner (DPC) of Ireland, follows Meta's continual data transfer, despite an EU court ruling in 2020 that dismantled an EU-U.S. data transfer agreement. The current fine surpasses the previous EU privacy penalty record of 746 million euros charged to Amazon.com Inc (AMZN.O) in 2021.
The dispute over Meta's data storage practices originated ten years ago, instigated by Austrian privacy advocate Max Schrems. Schrems contested the potential risk of U.S. surveillance, prompted by revelations from ex-U.S. National Security Agency contractor Edward Snowden.
In response to the penalty, Meta released a statement indicating its intention to appeal against the ruling and the "unjustified and unnecessary fine that "sets a dangerous precedent for countless other companies." The company will also seek legal suspension of the order.
Despite the ruling, Meta is hopeful that a new pact, enabling safe transfer of EU citizens' personal data to the United States, will be established before the suspension comes into effect. If successful, the company's earlier warning of potential suspension of Facebook services in Europe might be averted.
"Without the ability to transfer data across borders, the internet risks being carved up into national and regional silos," Meta warned.
In March, the DPC expressed optimism that the newly agreed data protection framework by Brussels and Washington might be ready by July. The European Court of Justice had dismissed two previous agreements over concerns regarding U.S. surveillance.
However, Schrems is skeptical about Meta's plans to rely on the new deal. He stated, "In my view, the new deal has maybe a 10% chance of not being killed by the CJEU (EU Court of Justice). Unless U.S. surveillance laws gets fixed, Meta will likely have to keep EU data in the EU."
Meta has now been penalized a total of 2.5 billion euros under the EU's General Data Protection Regulation (GDPR), established in 2018. The record fine was finalized by the European Data Protection Board (EDPB) after four other EU authorities disagreed with DPC's initial decision not to include a fine. The DPC has the highest number of penalties against Meta compared to any other tech firm, with ten other inquiries still ongoing.