Meta, the owner of Facebook, has been levied a fine of $1.3 Billion by Ireland’s Data Protection Commission for mishandling individuals’ data during its transfers between Europe and the United States.
This penalty stands as the largest fine imposed under the European Union’s General Data Protection Regulation (GDPR) privacy law.
According to GDPR regulations, companies are obligated to obtain individuals’ consent before utilizing their personal data. In response, Meta has expressed its intention to appeal against what it deems an “unjustified and unnecessary” ruling.
The central aspect of this decision revolves around the utilization of standard contractual clauses (SCCs) for transferring EU data to the US.
The European Commission has drafted these legal agreements, which incorporate measures to uphold the protection of personal data during its transfer outside of Europe.
However, apprehensions exist regarding the potential vulnerability of these data transfers to the US’s less stringent privacy laws, raising concerns about possible access to the data by US intelligence agencies.
Numerous major corporations have intricate networks of data transfers, encompassing email addresses, phone numbers, and financial details, among other information, sent to overseas entities. Many of these transfers rely on the use of standard contractual clauses (SCCs).
Meta (formerly known as Facebook) argues that the imposed fine is unjust due to the widespread adoption of SCCs. Nick Clegg, President of Meta, expressed disappointment, stating, “We are dismayed to have been specifically targeted despite employing the same legal framework employed by countless other companies seeking to offer services within Europe.”
“This decision is flawed, unjustified and sets a dangerous precedent for the countless other companies transferring data between the EU and US.”