Meta has been hit with a hefty fine of $1.3 billion by the privacy regulators of the European Union (EU). According to The Wall Street Journal, this fine was issued because Meta transferred user data to the US without sufficiently addressing the risks to users' basic liberties and rights.
The judgement was given by the Irish Data Protection Commission, which also gave Meta five months to stop all further data transfers to the US and six months to stop processing and storing EU data illegally in the US.
The ruling's transition period and the potential for a new EU-US data flows deal taking effect by the middle of this year have lessened the impact of the decision, even though it was generally expected that Meta would face a prohibition on data transfers.
This development is a part of a larger problem that dates back to 2020, when the EU's top court rejected an EU-US data transfer deal on worries about the security of personal information on US servers. While the use of contractual terms as an alternative approach was not rendered invalid, concerns about US data protection resulted in a preliminary order from the Irish authority telling Facebook to stop using this method for data transfers to the US.
Following discussions with the US, EU officials put out a proposal in December to replace the departed "Privacy Shield" accord. In an executive order, President Joe Biden promised the EU that steps would be taken to safeguard its people' data when it was transferred to the US.
The General Data Protection Regulation (GDPR), which is regarded as the industry standard for privacy protection, celebrates its fifth anniversary on the same day that Meta will pay a fee. Since May 2018, major infractions can result in fines up to 4% of a company's annual sales being imposed by EU regulators. The Irish Data Protection Commission has emerged as the primary privacy regulator for significant internet firms with EU bases, like Meta and Apple Inc.