The Irish Data Protection Commission (DPC) has imposed a record-breaking fine of €1,200,000 on Meta, Facebook’s parent company, for GDPR (General Data Protection Regulations) violations.
The violation concerns Facebook’s practice of transferring the data of EU-based users on US-based servers, hosting that data indefinitely, and processing it without restrictions, very likely also sharing it with other entities.
According to the results of an almost three-year-long inquiry of the DPC into the social media platform’s data transfer practices, it was determined that the company violated Article 46(1) of the GDPR. The particular article concerns transfers of personal data to “third countries” and the need for those to provide appropriate safeguards and effective legal remedies to the data subjects.
However, the U.S. does not have a comprehensive data protection regulation that can be considered the equivalent of the GDPR in the country. On the contrary, each state follows a different legal approach, setting its own requirements and restrictions. Hence, the DPC considers transferring user data to the U.S. risky and violates the GDPR.
The administrative fine of €1.2 billion ($1.3 billion) is a record-breaking figure, almost double the previous record that was Amazon’s €746 million fine imposed by Luxembourg’s data protection regulator. The fine is so hefty that it contradicts the widespread view that data protection legislation is toothless and penalties are too small to have any effect or e real change in how businesses manage user data.
Apart from the fine, the Irish DPC also orders Facebook to stop all violating data transfer actions in the next five months and delete the data of EU citizens it unlawfully held on U.S. servers by November 2023.
Facebook to Appeal
In a post responding to the €1.2 billion fine imposed by the EU, Facebook makes it clear that it intends to appeal the decision, arguing that the administrative fine and the associated data transfer restrictions are unjust and detrimental to their European operations.
Facebook underlines that they acted in good faith by using Standard Contractual Clauses (SCCs) – a legal tool deemed reliable by European courts of law, and which the social media giant assumed was compliant with GDPR. The same mechanism is used by many organizations to perform transatlantic data transfers without ever raising objections from EU data protection authorities.
The tech company argues that the crux of the problem isn’t individual privacy practices but rather the overarching discord between U.S. data access regulations and the European emphasis on privacy rights. The impending implementation of the Data Privacy Framework (DPF) is predicted to address these divergences, regulating cross-border data transfers while ensuring the requisite protections are upheld within the U.S. context.
Yes, Facebook aka Meta is a very notorious company. It is good that it has been fined. But then I believe it has been fined in the past too and has been involved in various scandals in the past but that hasn’t stopped it and forced it to change its track. These fines are a relatively very small sum of money considering the huge revenue of Meta.
The real dent will come when users will become aware and turn away from using Facebook and its products. That simply isn’t happening. One simply cannot convince an average person to leave Facebook and Instagram to pursue online privacy. He or She is more than happy to use a free product that works wonders for them and is an essential part of their daily life. Leaving it behind for online privacy whose real benefits are not even apparent or felt in day to day life is what keeps an average Joe from quitting Facebook.
Meta has never paid any of the fines they got. I don’t think they would ever pay this fine.
Meh. It’s not be effective to impose fines on these companies unless their CEOs face long-term imprisonment. They basically make their own money or pass the fines to their customers