Meta, the parent company of Facebook and Instagram, has been hit with a €1.2 billion ($1.3 billion) fine by the Irish Data Protection Commission for violating the European Union’s General Data Protection Regulation (GDPR). The fine is the largest ever handed out for a data privacy violation since the EU’s data privacy policies came into effect in 2016.
The violation occurred as a result of Meta’s transfer of EU users’ personal data to US servers, which was found to be in breach of GDPR regulations. The penalty imposed far surpasses the previous record-breaking fine of $808 million (€746 million) that was levied against Amazon earlier this year.
The invalidation of the Privacy Shield by the European Court of Justice has meant that the EU and the US are still seeking alternative mechanisms for data transfer. Privacy Shield had previously served as a data transfer mechanism under the GDPR, allowing companies to comply with EU requirements for transferring personal data to third countries. While a replacement is expected, a number of multinational companies, including Meta, have continued to rely on the former agreement, particularly through the use of standard contractual clauses, which are now illegal under GDPR.
In response to the announcement, Eduardo Azanza, CEO of Veridas, said, “The fine regarding a GDPR violation serves as a stark reminder of the importance of data protection in today’s dominant digital landscape and the consequences organizations may face if they fail to meet these obligations.”
He went on to add, “The GDPR is designed to safeguard the rights and privacy of individuals. Thus, it’s fundamental for organizations to respect these laws and regulations to not only maintain customer trust and confidentiality but to also avoid such public scrutiny and reputational damage.”
Meta’s deadline to stop using standard contractual clauses for the transfer of users’ data is set for October 12, 2023.
It is not the first time that Meta has faced criticism for its data privacy policies. The social media giant’s handling of user data has long been a point of contention, and the company has previously been fined for data privacy breaches. In 2019, Facebook was fined $5 billion by the US Federal Trade Commission for mishandling users’ personal data.
Meta, which owns some of the world’s largest social media platforms with billions of users, has repeatedly come under fire for the way it collects and uses personal information. Critics have argued that the company doesn’t do enough to protect users’ data and that its algorithms can have negative impacts on society, from spreading fake news to exacerbating political polarization.
The latest fines serve as a warning to other companies that handle user data, that they need to comply with GDPR regulations or risk significant financial penalties. The consequences of not taking data privacy seriously can be crippling, both financially and in terms of reputation. With digital data becoming increasingly valuable, data privacy and protection are becoming more critical than ever. Organizations must focus on complying with data protection regulations to not only maintain customer trust but also to avoid reputational damage and potentially, ruinous fines.