The Irish Data Protection Commission (DPC) has issued a record fine of €1.2 billion to the parent company of Facebook, Meta, for violations related to the transfer of users’ personal data from the European Union to the United States. This surpasses the previously highest EU GDPR penalty of €746 million that was imposed on Amazon in 2021.
In order for Meta to comply with the ruling, the company must suspend any such data movement from the EU to the US within five months and additionally cease unlawful processing, including storage, of European user data in the US within six months. The decision only applies to Facebook and not its other platforms, namely Instagram and WhatsApp.
the decision was based on an examination of Meta’s ‘standard contractual clauses’ mechanisms used to move user information between the two regions, with the DPC ultimately finding that insufficient measures had been taken to protect European individuals’ fundamental liberties.
Nevertheless, Meta has declared that it plans to appeal the fine.