This is a record sanction for a European regulator. The Irish Data Protection Commission (DPC), which acted on behalf of the EU, has just imposed a $1.2 billion fine on the social network for transferring data to the United States. Meta, which intends to appeal this decision, is condemned for having “continued to transfer personal data” of users from the European Economic Area (EEA) to the United States in violation of European rules in the matter.
The Irish Data Protection Commission (DPC) has also clarified that it disapproves of this decision, but that it had been forced to do so by the European Data Protection Board which brings together European regulators including the French Cnil, reports the site Politico.
Obligation to comply with the GDPR
In addition to the fine, Meta must also “suspend any transfer of personal data to the United States within five months” of notification of this decision and must comply with the GDPR within six months. In a statement sent to Agence France Presse, the group describes the fine as “unjustified and unnecessary” and informs of its desire to appeal this decision.
“Thousands of businesses and organizations rely on the ability to transfer data between the EU and the US” and “there is a fundamental rights conflict between US government rules on data access and European privacy rights,” continues the Californian giant. Meta hopes to see the United States and the European Union adopt during the summer a new legal framework for the transfer of personal data, in the wake of an agreement in principle adopted last year.
Three fines for Meta since the start of 2023
This is the third fine imposed on Meta since the beginning of the year in the EU, and the fourth in six months. In January, the Irish Data Protection Commission heavily fined the group to pay nearly 400 million euros for offenses over the use of personal data for advertising purposes targeting its Facebook, Instagram and WhatsApp applications, then in March, to 5.5 million euros for violating the GDPR with his WhatsApp message.
Since then, Meta has committed to changing its terms of use in Europe to be able to continue to collect and process the personal data of its European users. These sanctions come in a context of strengthening controls and judicial procedures in the European Union, but also in the United States, against GAFA (Google, Amazon, Facebook and Apple), and the measures recently taken against the Chinese giant TikTok. In 2021, Amazon had in particular been fined 746 million euros in Luxembourg for non-compliance with the GDPR.