Facebook parent Meta slapped with record $1.3 billion fine for transferring European user data to US

LONDON (AP) — The European Union fined Meta a record $1.3 billion on Monday and ordered it to stop transferring user data across the Atlantic, the latest salvo in a case of a decade sparked by US cyber espionage fears.

The fine of 1.2 billion euros imposed by the Irish Data Protection Commission is the largest since the EU’s strict data privacy regime came into force five years ago, exceeding the fine of 746 million euros from Amazon in 2021 for breach of data protection.

The Irish watchdog is Meta’s main privacy regulator in the 27-nation bloc, as the Silicon Valley tech giant’s European headquarters are based in Dublin.

Meta, which previously warned that services for its users in Europe could be cut, pledged to appeal and ask the courts to immediately suspend the decision.

“There is no immediate disruption to Facebook in Europe,” the company said.

“This decision is flawed, unwarranted and sets a dangerous precedent for the countless other companies that move data between the EU and the US,” said Nick Clegg, president of global affairs at Meta, and chief legal officer Jennifer Newstead in a statement.

It’s yet another twist in a legal battle that began in 2013 when Austrian lawyer and privacy activist Max Schrems filed a complaint about Facebook’s handling of his data following revelations from the former National Security Agency contractor Edward Snowden on US cybersnooping.

The saga has highlighted the conflict between Washington and Brussels over the differences between Europe’s strict view on data privacy and the relatively lax regime in the United States, which has no federal privacy law.

An agreement covering data transfers between the EU and the US, known as the Privacy Shield, was struck down in 2020 by the EU’s top court, which said it did not. not enough to protect residents from the electronic indiscretions of the US government.

This left another tool to govern data transfers – legal stock contracts. Irish regulators initially ruled that Meta did not need to be fined because it was acting in good faith by using them to move data across the Atlantic. But it was overruled in Monday’s ruling by Europe’s top panel of data privacy authorities.

Meanwhile, Brussels and Washington signed an agreement last year on a reworked Privacy Shield that Meta could use, but the pact awaits a decision from European officials on adequate data privacy protections.

EU institutions have scrutinized the deal and lawmakers in the bloc this month called for improvements, saying the safeguards are not strong enough.

Meta warned in its latest earnings report that without a legal basis for data transfers, it would be forced to cease offering its products and services in Europe, “which would materially and adversely affect our business, financial condition and operating results”.

The social media company could face a costly and complex overhaul of its operations if it is forced to stop shipping user data across the Atlantic. Meta has a fleet of 21 data centers, according to its website, but 17 of them are in the United States. Three others are in the European nations of Denmark, Ireland and Sweden. Another is in Singapore.

Other social media giants are under pressure on their data practices. TikTok has tried to allay Western fears about potential cybersecurity risks from China’s short-video sharing app with a $1.5 billion project to store US users’ data on Oracle servers.