The European Data Protection Board (EDPB) has allocated a record 1.2 billion EUR (US$1.3 billion) fine to social media giant Facebook, owned by Meta Platforms, for transferring European Union user data to servers in the United States in violation of GDPR requirements. The fine was announced by the EDPB on Monday, 2023. 22 May
The fine follows a long-running legal battle between Facebook and Austrian activist Maximilian Schrems, famous for campaigning against Facebook over privacy violations, who challenged the company’s data practices in light of revelations by former US National Security Agency (NSA) employee Edward Snowden about US surveillance programmes.
The EDPB found that Facebook violated the EU’s General Data Protection Regulation (GDPR) because after 2020. Facebook continued to transfer data after an EU court ruling invalidated the EU-US data transfer pact known as the Privacy Shield. The EDPB also ordered Facebook to provide the data protection data to the EU within 5 months. Facebook must stop transferring user data to the US within 5 months or face further sanctions.
Facebook said it would appeal the decision, including the “unjustified and unnecessary” fine, which “sets a dangerous precedent for countless other companies”. The company also said that it hopes the new pact, which facilitates the secure transfer of EU citizens’ personal data to the US, would be fully implemented before they had to stop the transfers.
The new pact, agreed between Brussels and Washington in March 2022, is intended to replace previous agreements that were annulled by the European Court of Justice over concerns about US spying. But Mr Schrems said the new agreement has little chance of surviving a legal challenge unless the US changes its surveillance laws.
This is not the first time European regulators have fined Facebook
This is not the first time European regulators have fined Facebook for data privacy violations. 2018 m. November. The Italian antitrust authority fines Facebook €5 million for failing to properly inform users about the collection and use of data.
2019 m. January. The French Data Protection Authority fines Facebook €150,000 for not preventing advertisers from accessing its users’ data.
2021 m. May. European regulators have granted it a fine of €110 million. for providing “misleading information” about the acquisition of messaging service WhatsApp.
2022 m. November. The Irish Data Privacy Authority fines Facebook €265 million. A fine of €1.5 million for discovering a set of personal data published on Facebook.
If you want to ensure compliance with the GDPR and avoid similar consequences, contact us now!