Owner of Facebook Meta fined €1.2bn for misappropriation of data transfers

The owner of Facebook Meta was fined 1.2 billion euros (£1 billion) for mishandling people’s data as it was transferred between Europe and the US. Issued by the Irish Data Protection Commission (DPC), this is the largest fine ever imposed under privacy law in the EU General Data Protection Regulation.

GDPR sets out rules that companies must follow to transfer user data outside the EU. Meta said he would appeal the “wrong and unnecessary” decision. At the heart of this decision was the use of Standard Terms of Contract (SCC) to transfer data from the European Union to the United States.

These legal contracts, prepared by the European Commission, contain safeguards to ensure that personal data continues to be protected when transferred outside of Europe.

But there are concerns that these data streams could still expose Europeans to weaker US privacy laws – and that US intelligence services could access the data.

The decision does not affect Facebook in the UK. The Information Commissioner’s Office told the BBC the decision “does not apply in the UK”, but said it had “taken note of the decision and will review the details in due course”.

Previous Danger

Most large companies have networks that transmit complex data – which can include email addresses, phone numbers and financial information – to overseas recipients, many of whom rely on SCC.

And Meta says their widespread use makes fines unfair. Facebook President Nick Clegg said: “We are therefore disappointed to have been targeted by the same legal mechanism as thousands of other companies seeking to provide services in Europe.
“This decision is wrong, unwarranted and sets a dangerous precedent for countless other companies transferring data between the EU and the US.”

But security groups praise the precedent. Caitlin Fennessy, of the International Association of Privacy Professionals, said: “The size of this record fine is matched only by the magnitude of the signal it sends.
“Today’s decision signals that companies have a lot of risk on the table.”

This could lead to EU companies requesting data stored in Europe from their US counterparts – or turning to national alternatives, she added.
Battle of a decade

In 2013, former US National Security Agency contractor Edward Snowden revealed that the US government had repeatedly accessed people’s information through technology companies such as Facebook and Google. And Austrian privacy campaigner Max Schrems has taken legal action against Facebook for failing to protect its privacy, sparking a decades-long battle over the legality of data transmissions from Facebook. EU to the United States.

Europe’s highest court, the European Court of Justice (ECJ), has repeatedly said that Washington has not implemented adequate controls to protect Europeans’ information. And in 2020, the ECJ ruled the data transfer agreement between the EU and the US was invalid.

But the ECJ has left the door open for companies to use the SCC, saying it is legal to transfer data to any other third country as long as it guarantees an “appropriate level of data protection”.
That’s the Meta test that failed. “Restructuring in depth”

Asked about the €1.2 billion fine, Mr Schrems said he was “nice to see this verdict after 10 years of litigation”, but it could be much higher. He added: “Unless the US surveillance law is fixed, Meta will have to fundamentally restructure its system.

Despite the record fine, experts say they believe Meta’s security practices will not change. Johnny Ryan, senior research fellow at the Irish Civil Liberties Council, said: “The multibillion-euro parking fines don’t hurt a company that makes billions of euros from illegal parking.

The US recently updated its internal legal protections to give the EU greater assurance that US intelligence agencies will follow new rules governing access to data. there. In 2021, Amazon was fined for also violating EU privacy standards.

The Irish DPC also fined WhatsApp, another Meta-owned company, for violating strict regulations on the transparency of data shared with other subsidiaries.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *