The European Union has imposed a historic $1.3 billion privacy fine on Meta (formerly Facebook) and instructed the company to cease transferring user data across the Atlantic by October.
This action represents the latest development in a long-standing case that originated from concerns over U.S. cyber snooping, stretching back over a decade.
The fine, amounting to 1.2 billion euros, was issued by the Data Protection Commission of Ireland, surpassing Amazon’s 746 million euro penalty in 2021 for data protection breaches. The Irish regulatory body serves as Meta’s primary privacy overseer within the 27-nation European bloc due to the location of the tech giant’s European headquarters in Dublin.
Read also: UK Fines TikTok £12.7m For Breaching Data Protection Regulation
The Antitrust fines
The EU issued the $1.3B fine to Meta for violating antitrust rules by restricting the use of third-party apps on its platform, which gave it an unfair advantage over its competitors.
The EU also accused Meta of using its dominance in the market to stifle innovation and harm competition. The fine was imposed as part of the EU’s efforts to promote fair competition and protect consumers.
Meta vow to appeal the judgment
Despite Meta’s earlier warning that its services for European users might be disrupted, the company has pledged to appeal the decision and request immediate court intervention to suspend its implementation. Meta stated that Facebook operations in Europe remain unaffected at present.
In response to the ruling, Meta’s President of Global and Public Affairs, Nick Clegg, and Chief Legal Officer Jennifer Newstead criticized the decision, describing it as flawed, unjustified, and setting a dangerous precedent for other companies involved in data transfers between the EU and the U.S.
This development marks another twist in a legal battle that commenced in 2013 when Austrian lawyer and privacy advocate Max Schrems filed a complaint regarding Facebook’s management of his data, prompted by Edward Snowden’s revelations about U.S. cyber snooping activities.
The ongoing saga has brought to the forefront the clash between Washington and Brussels regarding the differing perspectives on data privacy between Europe, which maintains strict regulations, and the United States, which lacks a comprehensive federal privacy law.
The EU’s top court invalidated the Privacy Shield agreement, which governed EU-U.S. data transfers, in 2020. The court deemed it insufficient in safeguarding European residents from U.S. government surveillance activities.
As a result, stock legal contracts became the alternative mechanism for data transfers. Initially, Irish regulators ruled that Meta acted in good faith by using these contracts to move data across the Atlantic, thereby avoiding fines. However, last month, the EU’s top panel of data privacy authorities overturned this ruling, a decision that was reaffirmed by the Irish watchdog recently.
In the meantime, Brussels and Washington negotiated a revised Privacy Shield agreement last year, which Meta could potentially utilize. However, European officials have yet to determine whether this new pact adequately protects data privacy, and there have been calls from EU lawmakers for stronger safeguards.
In its recent earnings report, Meta cautioned that without a legal framework for data transfers, it would be compelled to cease offering its products and services in Europe, which would have significant negative implications for its business, financial condition, and operational outcomes.
If Meta is required to halt the transfer of user data across the Atlantic, it may need to undertake a costly and intricate overhaul of its operations. Currently, Meta operates 21 data centres, with the majority (17) located in the United States. The remaining centres are situated in Denmark, Ireland, Sweden, and Singapore.
Other prominent social media companies are also facing scrutiny regarding their data practices. TikTok, for instance, has attempted to alleviate Western concerns about potential cybersecurity risks associated with the Chinese-owned app by initiating a $1.5 billion project to store U.S. user data on Oracle servers.
