The technology conglomerate has until later this year to end its transfer of European user's data across the Atlantic.

Dark Reading Staff, Dark Reading

May 22, 2023

1 Min Read
A desktop monitor featuring the Meta logo with a phone below it opened to a screen of apps that Meta owns.
Source: Mundissima via Shutterstock

Meta, owner of Facebook and Instagram, has been fined $1.3 billion (€1.2 billion) for violating the European Union's General Data Protection Regulation (GDPR) by the Irish Data Protection Commission, for the transfer of EU users' personal data to US servers.

This penalty is the biggest that's been dealt out after the European Union's strict data privacy policies went into effect in 2016; this fine far surpasses even Amazon's previously record-breaking $808 million (€746 million) tab in 2021 due to data protection violations.

Because the European Court of Justice nullified the Privacy Shield, the EU and the US continue to search for alternatives on a new data flow. Privacy Shield originally served as a data transfer mechanism under the GDPR, enabling participating companies to meet the EU requirements for transferring personal data to third countries. Though a replacement is expected later in the year, there are multiple multinational companies, including Meta, that illegally rely on the former agreement — specifically with the use of standard contractual clauses.

"The fine regarding a GDPR violation serves as a stark reminder of the importance of data protection in today's dominant digital landscape and the consequences organizations may face if they fail to meet these obligations," Eduardo Azanza, CEO of Veridas, said in a statement in response to the announcement. "The GDPR is designed to safeguard the rights and privacy of individuals. Thus, it's fundamental for organizations to respect these laws and regulations to not only maintain customer trust and confidentiality but to also avoid such public scrutiny and reputational damage."

Meta has a deadline of Oct. 12, 2023, to cease its reliance on standard contractual clauses for data transfers of users' private data.

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights