Meta receives the European Union's largest penalty for privacy violations: Ireland fines Meta $1.3 billion

Along with the fine, the company will have five months to "suspend the transfer of [European users’] personal data" to the United States.

Meta has just received the largest penalty in the history of the European Union for violating privacy. The Irish Data Protection Commission (DPC) has fined it $1.3 billion (€1.2 billion) for mismanagement of user information.

It is the largest fine imposed by the European Union on a company for violating the privacy of its users, surpassing the payment of $886 million (€746 million) that Amazon Inc. faced in 2021 for the same reason.

Specifically, the EDPB accused Meta Platforms Ireland of sending European users’ private information to the United States. This poses "risks to the fundamental rights and freedoms of the persons whose data were transferred." European Union Court of Justice (ECJ) President Andrea Jelinek described this problem as "very serious":

The EDPB found that Meta IE’s infringement is very serious since it concerns transfers that are systematic, repetitive and continuous. Facebook has millions of users in Europe, so the volume of personal data transferred is massive. The unprecedented fine is a strong signal to organisations that serious infringements have far-reaching consequences.

Along with this, the company that owns Facebook, Instagram and WhatsApp must, for the next five months, "suspend any future transfers of personal data to the United States" and has six months to stop "unlawful processing, including in-country storage" of personal data transferred from the European Union.

Meta appeals the ruling

Meta announced in a statement that it will appeal the penalty imposed by the DPC. Nick Clegg, Meta's president of Global Affairs, and Jennifer Newstead, the company's chief legal officer, said in the statement that the decision is "unnecessary":

The DPC initially acknowledged that Meta had continued its EU-US data transfers in good faith, and that a fine would be unnecessary and disproportionate. However, this was overruled by the EDPB, which also chose to disregard the clear progress that policymakers are making to resolve this underlying issue. This decision is flawed, unjustified and sets a dangerous precedent for the countless other companies transferring data between the EU and US.

Moreover, the company warned that this decision would affect the proper functioning of the internet because, without the independence to transfer data "across borders," the internet could "risks being carved up into national and regional silos":

Without the ability to transfer data across borders, the internet risks being carved up into national and regional silos, restricting the global economy and leaving citizens in different countries unable to access many of the shared services we have come to rely on. That’s why providing a sound legal basis for the transfer of data between the EU and the US has been a political priority on both sides of the Atlantic for many years.