Facebook’s owner, Meta, has been issued with a record €1.2bn fine and ordered to suspend the transfer of user data from the EU to the US.
Ireland’s Data Protection Commission which regulates Meta across the EU, issued the record fine for a breach of the bloc’s GDPR. Meta has been given five months to enact it.
Meta has also been given six months to stop “the unlawful processing, including storage, in the US” of personal EU data already transferred across the Atlantic, meaning that user data will need to be removed from Facebook servers.
The ruling does not impact data transfers at Meta’s Instagram and WhatsApp. Meta said it would appeal against the decision and seek a stay on the data transfer order.
The DPC said data transferred by Facebook under a legal instrument called standard contractual clauses “did not address the risks to the fundamental rights and freedoms of data subjects that were identified by the [court of justice] in its judgment”.
Meta defined its punishment as being “singled out” by the DPC despite thousands of other businesses using the same data transfer processes.
A spokesperson for the European Commission – the EU’s executive arm – said it hoped a new framework for transatlantic data transfers would be “fully functional by the summer” which would provide the “stability and legal certainty” sought by US tech companies.
