Meta hit with record €1.2bn fine from Data Commissioner
Facebook parent company Meta platforms has been his with a fine of €1.2 billion by the Data Protection Commission. The record decision was issued over the practice of transferring user data to the US following a Court of Justice of the European Union decision to stop the practice as it failed to protect the privacy rights of EU citizens.
Legal action against Facebook by the DPC began in 2020 but was held up in the high court due to a number of legal challenges until May 2021.
Following a comprehensive investigation, the DPC prepared a draft decision dated 6 July 2022, where is stated that that data transfers providing insufficient protection to EU citizens were being carried out in breach GDPR and should be suspended.
As well as a €1.2 billion fine, Meta has been ordered to suspend the transfer of personal data to the US within five months and has to bring its data processing practices into line with GDPR within six months.
This is the latest in a series of high-profile fines for the company. In November 2022 it was told to pay €265 million over a data breach that exposed the personal information of 500 million users. The previous September it was fined a then-record €390 million for disclosing e-mail addresses and/or phone numbers of children using Instagram’s business account features and a public-by-default setting for children’s personal accounts.
Will this have a lasting effect on how Facebook processes data for targeted advertising? One would have thought the extent of its problems with regulators would have seen it come into line with EU standards sooner but it seems Facebook was happier taking a gamble on things working out in their favour. CEO and president Mark Zuckerberg’s mantra has always been ‘move fast and break things’ and this has worked for him to date but the EU’s pro-consumer approach has forced him to face weaknesses in policies and practices that would go unsanctioned in the US.
The EU has proven to be a formidable enemy and the success of GDPR has seen the state of California implment the similar Consumer Consumer Privacy Act.
Does Meta have a nuclear option in deciding the EU is not a market worth participating in? With TikTok courting the younger users it needs to keep growing its user base it’s unlikely Zuckerberg will pull out but given his ‘year of efficiency’ is being defined by massive job losses, this makes a first test of the ideas that a strong regulator will scare away investment by multinationals attracted by a favourable corporate tax rate and that large fines would in turn lead to job cuts.
“Without the ability to transfer data across borders, the internet risks being carved up into national and regional silos, restricting the global economy and leaving citizens in different countries unable to access many of the shared services we have come to rely on,” wrote Nick Clegg, president, global affairs & Jennifer Newstead, chief legal officer in a blog post reacting to the decision.
“That’s why providing a sound legal basis for the transfer of data between the EU and the US has been a political priority on both sides of the Atlantic for many years.”
The post continued: “Our priority is to ensure that our users, advertisers, customers and partners can continue to enjoy Facebook while keeping their data safe and secure. There is no immediate disruption to Facebook because the decision includes implementation periods that run until later this year. We intend to appeal both the decision’s substance and its orders including the fine, and will seek a stay through the courts to pause the implementation deadlines.”
This story was updated on 23 May with comment from Meta.