Meta has received a €1.2 billion fine from the European Union for violating local data privacy rules. To be compliant with the General Data Protection (GDPR) EU law, Meta had to stop transferring data from Facebook users in the EU to the US.
“The EDPB found that Meta IE’s infringement is very serious since it concerns transfers that are systematic, repetitive, and continuous,” said Andrea Jelinek, President of the European Data Protection Board in a press release. “Facebook has millions of users in Europe, so the volume of personal data transferred is massive.
This €1.2 billion fine is the biggest GDPR fine the EU ever announced. While this is a hefty sum, Meta made $28.7 billion in revenue just in the first quarter of 2023. Meta also has six months to stop data transfers to the US. With the absence of a new legal way to transfer data from EU users to the US, Meta will also have to delete all data about EU users it’s storing in the US.
“The unprecedented fine is a strong signal to organizations that serious infringements have far-reaching consequences,” Jelinek said. However, Meta has already announced that it will appeal the decision and that there would be no immediate disruption of service for Facebook users in Europe.
In its press release, Meta argued that the European Union is currently negotiating a new data privacy framework (DPF) with the US, which would replace the Standard Contractual Clauses (SCCs) that Meta has been using to continue its EU-US data transfers. Meta hopes that the DPF will be implemented before the end of the year and that the new political agreement would make today’s fine unjustified.
“There is no immediate disruption to Facebook because the decision includes implementation periods that run until later this year. We intend to appeal both the decision’s substance and its orders including the fine, and will seek a stay through the courts to pause the implementation deadlines,” Meta said today.