Meta* will pay a record fine for violating the privacy of European users’ data

European privacy regulators have fined Meta (former Facebook) for a record 1.2 billion euros ($1.3 billion) for transferring user data from the EU to the US.

The decision is related to the case of the Austrian activist Max Schrems for the defense of the rights to confidentiality data. Schrems argued that the existing mechanism for transferring data from EU citizens to America does not protect Europeans from American surveillance.

The Irish Data Protection Commission, which oversees Meta’s activities in the EU, said the company violated the EU’s general data protection regulation (GDPR) when it continued to send personal data of European citizens to the US despite a 2020 European Court of Justice decision.

Meta used a mechanism called Standard Contractual Clauses to transfer personal data within and outside the EU. This mechanism has not been blocked by any EU Court of Justice. However, the regulator said that these measures did not take into account the risks to the fundamental rights and freedoms of data subjects, which were identified by the European Court of Justice.

The Irish Data Protection Commission also required Meta to “suspend any future transfer of personal data to the US for a period of five months” from the date of the decision.

The €1.2 billion fine for Meta is the largest fine in history for violating the GDPR. The previous “record” belongs to Amazon for violating the GDPR in 2021, it amounted to 746 million euros. Meta said it will appeal the decision and the fine. It remains only to wish the company good luck, because the amount of the fine is very large even for such a giant as Meta.

The Meta case brought back attention to EU and US attempts to negotiate a new data transfer mechanism. Last year, the parties agreed on new rules for cross-border data transfer, but the new agreement has not yet entered into force.

Meta hopes that this agreement between the EU and the US will be adopted before the deadline for the Irish regulator expires, and it will not have to pay such a space fine due to the usual legal inconsistencies.

* The Meta company and its products (Instagram and Facebook) are recognized as extremist, their activities are prohibited on the territory of the Russian Federation.