Meta slapped with whopping £1bn fine over Facebook data breach
Meta, the owner of Instagram, Facebook and Whatsapp, has been slapped with a record €1.2bn (£1bn) fine by the Ireland’s data protection agency over its transfer of European users’ Facebook data to its US server.
The Data Protection Commission has also ordered it to suspend all transfers of user data to the US.
The regulator found the social media giant had breached the General Data Protection Regulation (GDPR) when it continued to transfer personal data from Europe to the US after a court ruling last year condemned the action.
Meta has said that it will appeal the “unjustified” and “unnecessary” ruling by the Irish regulator.
“Meta uses the same legal mechanisms as other organisations,” Nick Clegg, Meta’s president of global affairs, said noting that thousands of businesses and organisations rely on the “ability to transfer data between the EU and the US to operate and provide everyday services”.
Clegg said: “Without the ability to transfer data across borders, the internet risks being carved up into national and regional silos, restricting the global economy and leaving citizens in different countries unable to access many of the shared services we have come to rely on.”
Meta, which was founded by billionaire Mark Zuckerberg, has also previously threatened to suspend its services in the EU if it could not continue using its tools to transfer the data.
This is not the first time the Irish watchdog has fined Meta. In January, the regulator handed subsidiary Whatsapp a €5.5m (£4.8m) fine for an additional breach of its privacy laws.
“Meta has prepared for the fine, but it is huge. It will have a duty to its shareholders to appeal it,” Nigel Jones, co-founder, Privacy Compliance Hub, said.
He added: “In the meantime it will hope that the EU and the US can agree a mechanism known as the Data Privacy Framework that will enable Meta and other companies to legally transfer the data of EU individuals to the US. However, that won’t help such companies with the vast amounts of EU data that they are currently storing unlawfully in the US as a result of this decision.”
‘A big headache for Meta’
While the cost of the fine will make little dent in Meta which is worth £546bn, Eddie Powell, data protection partner at London law firm Fladgate, said what is more seismic is the “order that Meta must stop transfers to the US within 12 weeks (once an appeal deadline has passed).”
Powell said that Meta will also be asked to remove all the EU personal data it has already transferred, out of the USA to the EU or another acceptable country, within six months.
“That is likely to be a big headache for Meta, and it’s notable as the first big use of the authorities’ power to order a suspension of international transfers,” he said.
He added: “In the short term, Meta are likely to appeal (they have little to lose) so this may not have any immediate impact, but it’s unlikely any appeal will succeed in reversing all of this decision. Meta will be hoping that the US/EU deal version 3 – the ‘Data Privacy Framework’ gets approved and implemented quickly.”