Meta fined $1.29 bn over EU data law breach linked to mass surveillance
FACEBOOK parent company Meta was on Monday hit with a record fine of ?1.2 billion ($1.29 billion) for a breach of EU data laws, and said that it would appeal against “the unjustified and unnecessary” punishment.
The case - representing the biggest fine since the EU’s General Data Protection Regulation (GDPR) came into force five years ago - concerns Facebook’s involvement in mass surveillance by AngloAmerican intelligence agencies, which was revealed by US whistleblower Edward Snowden 10 years ago.
Arrangements put in place by Meta following a previous ruling by the EU’s Court of Justice “did not address the risks to the fundamental rights and freedoms of data subjects that were identified by the CJEU in its judgment,” the Irish data protection authority DPC said.
Meta Ireland was ordered by the DPC to “suspend any future transfer of personal data to the US within the period of five months” from the communication of the ruling.
In its response, Meta insisted however that “there is no immediate disruption to Facebook in Europe... because the decision includes implementation periods that run until later this year.”
In a statement issued by Nick Clegg, Meta’s president of global affairs, and Jennifer Newstead, its chief legal officer, the US firm said that “there is a fundamental conflict of law between the US government’s rules on access to data and European privacy rights, which policymakers are expected to resolve in the summer.”
“We will appeal the ruling, including the unjustified and unnecessary fine, and seek a stay of the orders through the courts.”
Meta has previously threatened several times to withdraw completely from the EU if transatlantic data transfer was not possible in the long term.
In its statement on Monday, Meta argued that “the ability for data to be transferred across borders is fundamental to how the global open internet works.”
The DPC is the national independent authority responsible for upholding the fundamental right of individuals in the EU to have their personal data protected.
As a result of so many US tech companies being headquartered in Dublin, the DPC is responsible for regulating a lot of data protection issues on behalf of the EU for social media companies.
The complaint against Facebook was brought by Austrian data protection activist Max Schrems, who said Meta had knowingly breached EU data laws for years “in order to make a profit.”