U.S tech giant Meta has been hit with a record €1.2 billion fine for not complying with the EU’s privacy rulebook, according to Politico.
The Irish Data Protection Commission announced on Monday that Meta violated the General Data Protection Regulation (GDPR) when it shuttled troves of personal data of European Facebook users to the United States without sufficiently protecting them from Washington’s data surveillance practices.
It’s the largest fine imposed under the bloc’s flagship General Data Protection Regulation (GDPR) privacy law and it comes on the eve of the fifth anniversary of the law’s enforcement on May 25.
Amazon was previously fined €746 million by Luxembourg and the Irish regulator also imposed four fines against Meta’s platforms Facebook, Instagram and WhatsApp ranging between €405 million and €225 million in the past two years.
The Irish privacy watchdog said that Meta’s use of a legal instrument known as standard contractual clauses (SCCs) to move data to the U.S. „did not address the risks to the fundamental rights and freedoms” of Facebook’s European users raised by a landmark ruling from the EU’s top court.
The European Court of Justice in 2020 struck down an EU-U.S. data flows agreement known as the Privacy Shield over fears of U.S. intelligence services’ surveillance practices. In the same judgment, the top EU court also tightened requirements to use SCCs, another legal tool widely used by companies to transfer personal data to the U.S.
Meta — as well as other international companies — kept relying on the legal instrument as European and U.S. officials struggled to put together a new data flows arrangement and the U.S. tech giant lacked other legal mechanisms to transfer its personal data.
The EU and U.S. are finalizing a new data flow deal that could come as early as July and as late as October. Meta has until October 12 to stop relying on SCCs for their transfers.
The U.S. tech giant previously warned that if it would be forced to stop using SCCs without a proper alternative data flow agreement in place, it could shut down services like Facebook and Instagram in Europe.