Meta, the parent company of social media platform Facebook, has been fined a record €1.2 bn. by Ireland’s Data Protection Commission (DPC) in relation to breaches of the European Union’s General Data Protection Regulation (GDPR) in respect of user data transfers from the EU to the USA, Irish broadcaster RTE reports.
The company has been given five months to implement changes to such data transfers.
The DPC said Meta had infringed the GDPR by continuing to transfer EU user data to the US despite a ruling by the European court of justice requiring strong protection of such information, adding that the data transferred by Facebook under a measure called standard contractual clauses “did not address the risks to the fundamental rights and freedoms of data subjects that were identified by the [European Court of Justice] in its judgment”.
Meta has said it will appeal the decision, as well as commenting that it was disappointed to have been singled out when using the same legal mechanisms as thousands of other companies providing services in Europe.
The EU and the USA have agreed a new data transfer framework which is expected to be in place later this year.
This is the largest ever fine levied in the EU for a privacy breach. The previous record penalty of €746 mn was imposed on Amazon in 2021.