The European Union fined Meta a record $1.3 billion for privacy violations Monday. The EU ordered Meta to stop sending users’ personal information to the United States by October. Meta owns Facebook, Instagram and WhatsApp.
Ireland's Data Protection Commissioner (DPC) issued the fine. The punishment came after Meta continued to transfer Europeans’ data beyond a 2020 EU court ruling that struck down an EU-U.S. data transfer agreement. The fine is the biggest since the EU's data privacy rules took effect five years ago.
Meta promised to appeal and asked courts to suspend the decision. Earlier, the company had warned that its services could end for users in Europe.
The company said, “There is no immediate disruption to Facebook in Europe.” The decision applies to user information like names, email and IP addresses, messages, viewing history, location data and other information. The company uses the data for targeted online advertisements.
Nick Clegg, Meta's president of global affairs, and Jennifer Newstead, the company’s chief legal officer, released a statement. They said the decision was unjust and “sets a dangerous precedent for the countless other companies transferring data between the EU and U.S.”
The decision is the latest development in a legal battle that began in 2013. At that time, Austrian lawyer and privacy activist Max Schrems filed a complaint about how Facebook used his data. His complaint came after former U.S. National Security Agency worker Edward Snowden’s disclosure of online surveillance by U.S. security agencies. That included information that Facebook gave to the agencies the personal data of Europeans.
The EU has rules that require social media services to block speech that European officials consider harmful. Europe has passed several rules requiring policing of information and control of users' personal information.
In 2020, the EU’s top court struck down an agreement covering EU-U.S. data transfers called the Privacy Shield. The court said the measure did not do enough to protect Europeans from the U.S. government's electronic spying.
Europe and the United States signed a deal last year on a different Privacy Shield that Meta could use. The agreement is awaiting approval from European officials.
The DPC said it gave Meta five months to stop sending European user data to the U.S. It also gave the company six months to change its operations to stop transferring Europeans’ user data to the U.S.
If the new privacy agreement takes effect before these deadlines, "our services can continue as they do today without any disruption or impact on users," Meta said.
Schrems thinks Meta has “no real chance” of getting the decision overturned. He said there is a good chance the new agreement could be struck down by the EU's top court.
"Unless U.S. surveillance laws get fixed, Meta will likely have to keep EU data in the EU,” Schrems said in a statement.
Meta warned in its latest earnings report that, without a legal agreement for data transfers, it will stop offering its products and services in Europe. The social media company might have to carry out a costly and complex change to its operations if it has to stop sending user data to the U.S.
I’m Dan Novak.