Facebook owner Meta has been fined a record 1.2 billion euros ($1.3 billion) for violating a prior court order by moving EU user data to the United States, Ireland’s regulator stated Monday.
The Irish Data Protection Commission (DPC), which acts on behalf of the European Union, announced that the European Data Protection Board (EDPB) had ordered it to collect a “1.2 billion euro administrative fine.”
Since 2020, the DPC has been looking into Meta Ireland’s transfer of personal data from the EU to the US.
It decided that Meta, which has its European headquarters in Dublin, had failed to “address the risks to the fundamental rights and freedoms of data subjects” indicated in an earlier judgment of the Court of Justice of the European Union (CJEU).
The CJEU interprets EU law to ensure that it is enforced consistently throughout all member states.
Meta responded that it was “disappointed to have been singled out,” and that the verdict was “flawed, unjustified, and sets a dangerous precedent for the countless other companies.”
“We intend to appeal both the decision’s substance and its orders including the fine, and will seek a stay through the courts to pause the implementation deadlines,” Meta president of global affairs Nick Clegg and chief legal officer Jennifer Newstead said in a blog post.
“There is no immediate disruption to Facebook in Europe,” they added.
Fourth punishment for Meta.Inc
Initially, the DPC sought to compel Meta to halt the illegal data transfers, claiming that a fine “would exceed the extent of powers that could be described as being ‘appropriate, proportionate and necessary'”.
However, its European counterparts, known as Concerned Supervisory Authorities (CSAs), disagreed.
“All four CSAs took the view that Meta Ireland should be subject to an administrative fine,” said the DPC.
With little chance of reaching an agreement, the DPC referred the complaints to the EDPB, which ordered Meta Ireland to suspend further transfers of personal data to the United States and pay a fine.
Clegg and Newstead wrote on their blog that the EDPB’s decision to overturn the DPC “raises serious questions.”
“No country has done more than the US to align with European rules via their latest reforms, while transfers continue largely unchallenged to countries such as China,” they added.
EU regulators have previously fined Meta hundreds of millions of euros for data breaches involving its Instagram, WhatsApp, and Facebook services.
It is the third sanction issued against Meta in the EU this year, and the fourth in the last six months.
Amazon was fined 746 million euros in Luxembourg in 2021 for violating the EU’s General Data Protection Regulation.