Facebook owner fined record 1.2bn euro for GDPR breach

The firm was ordered to stop transferring data from European users to its US servers.

August Graham
Monday 22 May 2023 12:47 BST
Meta had moved users’ data across borders (Dominic Lipinski/PA)
Meta had moved users’ data across borders (Dominic Lipinski/PA) (PA Wire)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Facebook owner Meta has been fined 1.2 billion euro (£1 billion) and was ordered to stop transferring user data from European users to its US servers.

The record fine was levied by Ireland’s Data Protection Commission (DPC) after a three-year probe into the social media giant.

The DPC said that Meta had breached part of the European GDPR (General Data Protection Regulation) rules in the way that it had moved data of Facebook users across borders.

It ordered Meta Ireland to “suspend any future transfer of personal data to the US within the period of five months” and also levied a record fine on the business “to sanction the infringement that was found to have occurred”. Meta called the fine “unjustified”.

The multi-year process which led to the fine was kicked off by Edward Snowden in 2013 when the National Security Agency (NSA) whistleblower revealed that US authorities were surveilling systems run by several US companies.

Companies had long been allowed to transfer EU customers’ data to the US to help them run their business, but only on a promise that they were protecting this data as well as if it was being stored in the EU.

But the Snowden revelations put a question mark over the whole system.

They sparked a request for the DPC to investigate how Facebook data was shared across continents.

The DPC originally refused, thinking that the complaint was not sustainable, but was overruled years later by the Court of Justice of the European Union.

But Meta said that the issue was larger than simply the practices of one company. The US and EU rules are in “fundamental conflict”, the company said on Monday.

“It is a conflict that neither Meta nor any other business could resolve on its own.

Without the ability to transfer data across borders, the internet risks being carved up into national and regional silos, restricting the global economy and leaving citizens in different countries unable to access many of the shared services we have come to rely on

Meta

“We are therefore disappointed to have been singled out when using the same legal mechanism as thousands of other companies looking to provide services in Europe,” a statement by Meta president of global affairs Sir Nick Clegg and chief legal officer Jennifer Newstead said.

They said there was not going to be any immediate disruption to Facebook, and that Meta would appeal against the decision.

“Without the ability to transfer data across borders, the internet risks being carved up into national and regional silos, restricting the global economy and leaving citizens in different countries unable to access many of the shared services we have come to rely on,” Sir Nick and Ms Newstead said.

They criticised the European Data Protection Board for overruling the DPC’s initial decision that a fine was unjustified because Meta had acted in good faith.

Policymakers on both sides of the Atlantic are currently scrambling to find a new agreement on how data can be shared across borders.

If this is put in place before Meta’s deadline to stop using the current system there will be no disruption to Facebook, Sir Nick and Ms Newstead said.

They added: “No country has done more than the US to align with European rules via their latest reforms, while transfers continue largely unchallenged to countries such as China.”

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in