EU Regulators slapped Facebook’s parent company, Meta with a $1.3 Billion fine after finding them guilty of violating European data transfer laws — they were given five months to suspend the illegal transfer of data on top of the fine.
Investigators found that Meta was transferring data from the EU to the US, which is in direct violation of GDPR laws. A binding decision was made by the European Data Protection Board (EDPR) to force Meta to pay a massive fine for violating this rule and to bring themselves under proper regulations.
International lawmakers have been in a fierce battle against poor cybersecurity practices, and what Meta is doing poses a significant risk to the privacy of citizens living in the EU.
“Facebook has millions of users in Europe, so the volume of personal data transferred is massive,” said Andrea Jelinek, EDPB Chair. “The unprecedented fine is a strong signal to organizations that serious infringements have far-reaching consequences.”
They explain that the ruling was in part determined by a complaint made in June 2013, nearly a full decade ago, about privacy laws in the US. Essentially, data was being reliably protected from US mass surveillance programs while being transferred from the EU to the US. This isn’t the first time that European lawmakers have criticized the lack of data privacy protections in the U.S.
“It would be time to grant these basic protections to EU customers of US cloud providers. Any other big US cloud provider, such as Amazon, Google or Microsoft could be hit with a similar decision under EU law.” said Maximillian Schrems, the filer of the original complaint, who also leverages accusations against the Irish Data Protection Commission (DPC) for attempting to safeguard Meta from legal consequences.
Meta has stated that it intends to appeal the ruling and believes it’s “unjustified and unnecessary.”