Facebook parent Meta hit with record $1.3-billion fine by EU over data privacy

FILE - Facebook's Meta logo sign is seen at the company headquarters in Menlo Park, Calif., Oct. 28, 2021. European Union hits Facebook parent Meta with record $1.3 billion fine over transfers of user data to US. (AP Photo/Tony Avelar, File)

(Tony Avelar / Associated Press)

Facebook parent Meta hit with record $1.3-billion fine by EU over data privacy

May 22, 2023

The European Union slapped Meta with a record $1.3-billion privacy fine Monday and ordered it to stop transferring user data across the Atlantic by October, the latest salvo in a decade-long case sparked by U.S. cyber-snooping fears.

The penalty of 1.2 billion euros is the biggest since the EU’s strict data-privacy regime took effect five years ago, surpassing Amazon’s 746-million euro penalty in 2021 for data-protection violations.

Meta, which had previously warned that services for its users in Europe could be cut off, vowed to appeal and ask courts to immediately put the decision on hold.

There is no immediate disruption to Facebook in Europe, the company said.

This decision is flawed, unjustified and sets a dangerous precedent for the countless other companies transferring data between the EU and U.S., Nick Clegg, Meta’s president of global and affairs, and Chief Legal Officer Jennifer Newstead said in a statement.

It’s yet another twist in a legal battle that began in 2013 when Austrian lawyer and privacy activist Max Schrems filed a complaint about Facebooks handling of his data following former National Security Agency contractor Edward Snowdens revelations of electronic surveillance by U.S. security agencies. That included the disclosure that Facebook gave the agencies access to the personal data of Europeans.

Meta fined 390 million euros in latest European privacy crackdown

The saga has highlighted the clash between Washington and Brussels over the differences between Europe’s strict view on data privacy and the looser regime in the U.S., which lacks a federal privacy law. The EU has been a global leader in reining in the power of Big Tech with a series of regulations forcing companies to police their platforms more strictly and protect users’ personal information.

An agreement covering EU-U.S. data transfers known as the Privacy Shield was struck down in 2020 by the EU’s top court, which said it didnt do enough to protect residents from the U.S. government’s electronic prying. Monday’s decision confirmed that another tool to govern data transfers stock legal contracts was also invalid.

Brussels and Washington signed an agreement last year on a reworked Privacy Shield that Meta could use, but the pact is awaiting a decision from European officials on whether it adequately protects data privacy.

EU institutions have been reviewing the agreement, and the bloc’s lawmakers this month called for improvements, saying the safeguards aren’t strong enough.

Meta disables Russia’s anti-Ukraine propaganda targeting Europe

Irelands Data Protection Commission handed down the EU fine as Metas lead privacy regulator in the 27-nation bloc because the Silicon Valley tech giants European headquarters is based in Dublin.

The Irish watchdog said it gave Meta five months to stop sending European user data to the U.S. and six months to bring its data operations into compliance by ceasing the unlawful processing, including storage, in the U.S.” of European users’ personal data transferred in violation of the bloc’s privacy rules.

If the new transatlantic privacy agreement takes effect before these deadlines, “our services can continue as they do today without any disruption or impact on users,” Meta said.

Schrems predicted that Meta has no real chance of getting the decision materially overturned. And a new privacy pact might not mean the end of Meta’s troubles, because there’s a good chance it could be tossed out by the EU’s top court, he said.

Meta plans to rely on the new deal for transfers going forward, but this is likely not a permanent fix,” Schrems said in a statement. “Unless U.S. surveillance laws gets fixed, Meta will likely have to keep EU data in the EU.

Meta warned in its latest earnings report that, without a legal basis for data transfers, it would be forced to stop offering its products and services in Europe, which would materially and adversely affect our business, financial condition, and results of operations.

The social media company might have to carry out a costly and complex revamp of its operations if it’s forced to stop shipping user data across the Atlantic. Meta has a fleet of 21 data centers, according to its website, but 17 of them are in the U.S. Three others are in the EU nations of Denmark, Ireland and Sweden. Another is in Singapore.

Other social media giants are facing pressure over their data practices. Chinese-owned TikTok has tried to soothe Western fears about its potential cybersecurity risks with a $1.5-billion project to store U.S. user data on Oracle servers.