Meta, the parent company of Facebook, has been hit with a record fine of EUR 1.2 billion (approximately Rs. 10,750 crore) for illegally transferring user data from the European Union to the United States, according to an announcement made by Ireland’s regulatory authority on Monday.
The Irish Data Protection Commission (DPC), acting on behalf of the EU, stated that the European Data Protection Board (EDPB) mandated the imposition of an administrative fine amounting to EUR 1.2 billion.
This investigation into Meta Ireland’s data transfer practices began in 2020, with the DPC concluding that the company did not sufficiently mitigate the risks to the fundamental rights and freedoms of EU citizens, a concern raised in a prior ruling by the Court of Justice of the European Union (CJEU).
The CJEU is responsible for ensuring uniform interpretation of EU law across member states.
Meta expressed its disappointment regarding the ruling, calling it “flawed and unjustified” and arguing that it sets a troubling precedent for numerous other businesses. “We plan to appeal both the findings and the imposed fine while seeking a court stay to halt implementation deadlines,” said Meta’s President of Global Affairs, Nick Clegg, alongside Chief Legal Officer Jennifer Newstead in a blog post.
They reassured users that “there is no immediate disruption to Facebook in Europe,” despite the legal proceedings.
Fourth Fine
Initially, the DPC aimed to compel Meta to cease the data transfers in question, believing that a financial penalty would exceed what could be seen as “appropriate, proportionate, and necessary.” However, this viewpoint was not shared by other EU regulators, known as Concerned Supervisory Authorities (CSAs).
The DPC noted, “All four CSAs concluded that Meta Ireland should face an administrative fine.” When consensus could not be reached, the DPC escalated the matter to the EDPB, which ruled in favor of suspending future transfers of personal data to the U.S. and enforced the fine.
Clegg and Newstead commented in their blog that the EDPB’s override of the DPC raises significant concerns. They pointed out, “No nation has made more efforts than the U.S. to align with European regulations through recent reforms, while data transfers to countries like China continue largely unchallenged.”
Meta has previously faced substantial fines in the EU for data-related breaches across its platforms, including Instagram, WhatsApp, and Facebook. This current fine represents the third penalty imposed on Meta in 2023 alone and marks the fourth fine within just six months.
In a notable case, Amazon was previously fined EUR 746 million (almost Rs. 6,685 crore) in Luxembourg for violations of the EU’s General Data Protection Regulation in 2021.
