Facebook owner Meta Platforms has been fined a record $1.3 billion by European Union (EU) regulators for violating privacy rules by sending user data to the United States. The fine, the largest ever privacy penalty imposed by the EU, highlights the increasing risks faced by companies that fail to comply with EU privacy regulations. The ruling also puts pressure on the US government to finalize a deal that would enable Meta and other multinational firms to continue transferring data to the US.
The European courts’ decision in 2020 to overturn a previous data-sharing agreement between the US and the EU has heightened regulatory scrutiny on tech companies in particular. The steep fine serves as a warning to companies across industries that rely on the free flow of data across the Atlantic. The previous record privacy penalty under the General Data Protection Regulation (GDPR) was €746 million against Amazon in Luxembourg for privacy violations related to its advertising business.
The EU’s enforcement of the GDPR has become more stringent, with a focus on larger fines. The fine imposed on Meta represents a shift in the approach of EU privacy regulators, who now insist on significant penalties for serious infringements. The EU board responsible for the decision urged Ireland, which oversees GDPR enforcement for Meta, to issue a fine ranging from 20% to 100% of the maximum allowable penalty.
In addition to the fine, the EU decision requires Meta to cease sending information about Facebook’s European users to the US and delete data already transferred within about six months. Meta has expressed its intention to appeal the ruling and seek a delay in the suspension orders. The company argues that the decision sets a dangerous precedent for other firms engaged in data transfers between the EU and the US.
The ruling impacts not only Facebook but also other units of Meta, as well as numerous multinational companies that store or access European data from US servers. Failure to reach a US-EU data deal could lead to EU privacy investigations and the suspension of data flows to the US, affecting industries such as advertising, artificial intelligence, human resources, and cloud services.
Efforts are underway to establish a new data deal between the US and the EU that would ease restrictions on data transfers, provided the US addresses concerns related to surveillance and grants Europeans additional rights to appeal against it. While the deal has not yet been finalized, EU officials expect to complete their framework for data protection by the summer. Tech companies have urged both the US and Europe to implement and approve the deal to ensure the stability of data flows and protect citizens’ privacy.
