Meta, owner of Facebook and Instagram, has been fined $1.3 billion (€1.2 billion) for violating the European Union's General Data Protection Regulation (GDPR) by the Irish Data Protection Commission, for the transfer of EU users' personal data to US servers.
This penalty is the biggest that's been dealt out after the European Union's strict data privacy policies went into effect in 2016; this fine far surpasses even Amazon's previously record-breaking $808 million (€746 million) tab in 2021 due to data protection violations.
Because the European Court of Justice nullified the Privacy Shield, the EU and the US continue to search for alternatives on a new data flow. Privacy Shield originally served as a data transfer mechanism under the GDPR, enabling participating companies to meet the EU requirements for transferring personal data to third countries. Though a replacement is expected later in the year, there are multiple multinational companies, including Meta, that illegally rely on the former agreement — specifically with the use of standard contractual clauses.
"The fine regarding a GDPR violation serves as a stark reminder of the importance of data protection in today's dominant digital landscape and the consequences organizations may face if they fail to meet these obligations," Eduardo Azanza, CEO of Veridas, said in a statement in response to the announcement. "The GDPR is designed to safeguard the rights and privacy of individuals. Thus, it's fundamental for organizations to respect these laws and regulations to not only maintain customer trust and confidentiality but to also avoid such public scrutiny and reputational damage."
Meta has a deadline of Oct. 12, 2023, to cease its reliance on standard contractual clauses for data transfers of users' private data.