Meta was fined $1.3 billion by Ireland's privacy regulator Monday for violating European Union data protection laws in connection with its EU Facebook account holders. The company said it would appeal. File Photo by Terry Schmitt/UPI | License Photo
May 22 (UPI) -- Ireland's Data Protection Commission on Monday fined Meta $1.3 billion for privacy violations and ordered the U.S. tech giant to stop transferring user data across the Atlantic by October.
The penalty was imposed following a three-year investigation into how Meta Ireland sends personal data from the European Union to the United States in the delivery of its Facebook service, according to a news release from the DPC, which has regulatory jurisdiction because Meta's European operation is headquartered in Dublin.
The DPC had proposed a much smaller fine and placed a block on the illegal transfer of data in contravention of the EU's 2016 General Data Protection Regulation. But a spat among regulators elsewhere in the 27-country bloc saw the European Data Protection Board overrule it.
The ruling found that Meta Ireland infringed on GDPR when it continued to transfer personal data from the EU to the United States even after the EU Court of Justice ruled against Facebook Ireland in a case brought by the Data Protection Commissioner in July 2020.
"While Meta Ireland effected those transfers on the basis of the updated Standard Contractual Clauses that were adopted by the European Commission in 2021 in conjunction with additional supplementary measures that were implemented by Meta Ireland, the DPC found that these arrangements did not address the risks to the fundamental rights and freedoms of data subjects that were identified by the CJEU in its judgment."
Monday's DPC order also requires Meta to halt the U.S. processing and storage of transferred data within six months.
Meta, which said there would be no immediate disruption to Facebook in Europe, pledged to appeal the ruling, including the "unjustified and unnecessary fine," and seek a stay of the orders through the courts, saying it set a "dangerous precedent" for companies that transfer data between the EU and the United States.
"The ability for data to be transferred across borders is fundamental to how the global open Internet works. Thousands of businesses and other organizations rely on the ability to transfer data between the EU and the U.S. in order to operate and provide services that people use every day," Meta Global Affairs President Nick Clegg wrote.
"Without the ability to transfer data across borders, the Internet risks being carved up into national and regional silos, restricting the global economy and leaving citizens in different countries unable to access many of the shared services we have come to rely on."
Meta, the parent company of Facebook and Instagram, had previously been found in violation of EU privacy laws for its handling of user data. The DPC imposed fines on Meta Ireland totaling $414 million in January for GDPR violations by Facebook and Instagram.