Tech giant Meta, the parent company of Facebook, has been hit with a record £1bn (€1.2bn) fine over failures to securely protect European user data when transferred over to the US.
The seismic fine was ordered by the Data Protection Commission (DPC) in Ireland, which regulates Meta in Europe, and is also seeking to suspend all data transferring from the EU to the US.
This would entail that data from Facebook, but not necessarily to other Meta platforms such as Instagram and WhatsApp, will not be able to transfer data from across the Atlantic over what the DPC believes to be “unlawful” data violations.
Janine Regan, Legal Director for Data Protection at City law firm, Charles Russell Speechlys, stated: “This fine concerns some of the most legally complex issues that data privacy practitioners have ever had to tackle.
“The level of the fine is staggering particularly because it’s not an issue that any one company can resolve on its own given that there is political agreement on both sides of the Atlantic to solve the issue.
“It’s likely that an alternative transfer mechanism will be ready over the summer so that Meta does not have to completely suspend transatlantic transfers, but this will be little consolation for a company facing such a record-breaking fine.”
Meta has stated they plan to appeal the fine and have been given a five month timeframe, as well as six months to rectify what the DPC regards as the ‘unlawful processing, including storage” of EU data to the US.
The DPC were alerted to the allegations lobbied against Meta following a complaint and later a legal challenge was brought forward to them by Max Schrems, who works for Austrian privacy firm Byrec.
The allegations made by the Austrian firm later revealed to the DPC that Meta was in violation of the General Data Protection Regulation (GDPR) as the tech firm continued to transfer data from across continents without recognising a ruling made by the European Court of Justice to prevent such dealings.
Upon hearing the announcement of the £1bn fine, Meta has responded by stating they believe they have been singled out amongst the rest of thousands of other firms who use the same process of data transferring.
Nick Clegg, Meta President of Global Affairs and Jennifer Newstead, Meta Chief Legal Officer, released a joint statement: “We are disappointed to have been singled out when using the same legal mechanism as thousands of other companies looking to provide services in Europe.
“This decision is flawed, unjustified and sets a dangerous precedent for the countless other companies transferring data between the EU and US.”