M:eta was fined a record 1.2 billion euros ($1.3 billion) on Monday for transferring data collected from European Union users to the US.
The fine, announced by Ireland’s Data Protection Commission (DPC), is the largest since the EU enforced the General Data Protection Regulation, which the company is accused of breaching. The amount was significantly higher than Amazon’s €746 million fine for a data breach in 2021. The DPC initially disagreed with other EU regulators over Meta’s fine, which led to the European Data Protection Board stepping in to enforce it.
Meta has been ordered to stop the transfer of user data from the EU to the US. The company said it will appeal the decision and the fine. In an annual report published last year, Meta threatened to end services to its users in Europe if the data transfer dispute continued.
“The ability to transfer data across borders is fundamental to how the global open internet works,” Meta’s president of global affairs, Nick Clegg, and the company’s general counsel, Jennifer Newstead, said in a blog post on Monday. “Without the ability to transfer data across borders, the Internet risks being carved up into national and regional silos, constraining the global economy and leaving citizens of different countries unable to access many of the shared services we’ve come to rely on.”
“We are appealing these rulings and will immediately seek a stay in the courts, which could suspend the enforcement deadlines, given the harm these orders will cause, including to the millions of people who use Facebook every day,” said Clegg and Newstead.
The ruling was in response to a 2013 lawsuit filed by Austrian privacy activist Max Schrems over the Edward Snowden leaks, which argued that US law offered no protection against surveillance of data transferred to the country.
The US and EU have long struggled to reach an agreement on transatlantic data transfers, partly due to the EU’s stricter data privacy policies and the US’s lack of one. In their statement, Clegg and Newstead called for an agreement on the EU-US data privacy framework before the DPC compliance deadline so that “services can continue as they do today without any disruption or impact on users”.
More must-reads from TIME