Meta was hit with a record fine of €1.2 billion ($1.3 billion) by the European Union for violating digital privacy rules by transferring EU citizens’ data to US servers.
In a case brought by Austrian privacy campaigner Max Schrems, Ireland’s Data Protection Commission argued that the legal framework for US data transfers was a breach of the GDPR, the Europe-wide data protection law.
The ruling, by Ireland’s Data Protection Commission, argued that the existing legal framework for data transfers from the EU to the US “failed to address the risks to the fundamental rights and freedoms of Facebook users in Europe”.
Previously, the European Court of Justice in 2020 struck down a legal data transfer mechanism called the Privacy Shield. The DPC says Meta continues to send the data despite the ruling.
The €1.2 billion fine also comes with an order by the DPC to suspend “any future transfer of personal data to the US for five months”.
Meta’s fine is also the largest for GDPR violations, far surpassing the €746 million fine against Amazon in 2021.
Meta’s president of global affairs Nick Clegg and chief legal officer Jennifer Newstead said the company intends to appeal.