summary of the report
- The Irish Data Protection Commission fined Meta (Facebook) €1.2 billion for violating user privacy.
- This is the biggest economic sanction ever imposed in the European Union on a multinational for data protection violations.
- Meta was ordered to suspend the transfer of EU users’ personal data to the US, with a five-month deadline.
- The investigation revealed that Meta continued to transfer personal data even after the European Court of Justice ruling in 2020.
- Meta plans to appeal the decision and claims it uses the same legal tools as other companies operating in Europe.
The Data Protection Commission of Ireland (DPC) informed this Monday (22) that it imposed a fine of 1.2 billion euros (about R$ 6.5 billion) to Meta for violating the privacy of its users through from Facebook.
It is the largest economic sanction imposed in the European Union (EU) on a multinational for violations related to data protection, after the fine of 746 million euros (about R$ 4.03 billion) that Amazon received in 2021 .
The DPC said in a statement that it had ordered Meta to suspend the transfer of personal data from EU users to the United States, for which the technology company had set a five-month deadline.
The regulator of the sector in Ireland, where the most important technology companies in Europe are based, explained that Meta violated article 46 of the General Data Protection Regulation (RGPD), the community regulation that is now five years in force.
According to the commission, the company “continued transferring personal data” from the EU to the US following the decision issued in 2020 by the European Court of Justice on data protection following a lawsuit filed by Austrian lawyer and activist Maximillian Schrems.
Since that judicial decision, the European Commission has eliminated the so-called “privacy shield”, the agreement with which the EU and the US regulated until then the transfer of data between the two parties, which intend to establish a new regulation during this year.
Likewise, the DPC indicated that Meta has six months to “stop processing, including storage” in the US of personal data of European users that were transferred in violation of the RGPD, in a decision, as it specified, that does not affect other company platforms such as Instagram and WhatsApp.
The Irish commission’s investigation, which started in August 2020, examined tools designed by Meta to transfer private Facebook user data from the EU to the US.
These tools, known as “standard contractual clauses”, did not take into account the “risks to fundamental rights and freedoms” of customers in terms of data, DPC stressed.
For its part, Meta declared in a statement that it will appeal the decision of the Irish authority, “including the unjustified and unnecessary fine”, while specifying that it will ask for “the suspension of the orders by the courts”.
The company assured that it feels “disappointed”, as it claimed that it uses the same legal tools as “thousands” of other companies in the sector operating in Europe.
“This decision is flawed, unjustified and sets a dangerous precedent for the countless companies transferring data between the EU and the US”, concluded Meta.
#Ireland #fines #Meta #billion #breach #data #privacy #rule