Meta has been ordered to stop transferring European user data across the Atlantic by October in order to comply with strict EU privacy rules.
Facebook’s parent company Meta has been fined a record €1.2 billion by the Irish data regulator for breaching EU data protection rules.
Meta is being fined for “continuing to transfer personal data” of users from the European Economic Area (EEA) in breach of the EU’s strict General Data Protection Regulation (GDPR) rules, the Irish Data Protection Commission (DPC) , which acts on behalf of the European Union, said in its decision.
The Irish watchdog said it had given Meta five months to stop sending European user data to the US and six months to bring its data operations into compliance, citing “unlawful processing” of European users’ personal data. Withheld, including storage, transferred to the United States”. Violation of the privacy rules of the block.
It is the largest EU fine ever awarded to a tech company, surpassing the €746 million fine awarded to Amazon for processing personal data in breach of the GDPR.
Meta appealed and asked the courts to immediately stay the verdict.
“This decision is flawed, unfair and sets a dangerous precedent for the countless other companies that transfer data between the EU and the US,” Jennifer Newsted, Meta’s president of global and affairs and chief legal officer, said in a statement.
The investigation was led by Ireland’s Data Protection Commission, which serves as Meta’s lead privacy regulator in the European Union because the Silicon Valley tech giant’s European headquarters are based in Dublin.
The European Court of Justice ruled in 2020 that an EU-to-US data transfer agreement called the Privacy Shield was invalid because of surveillance concerns. There are concerns that US intelligence agencies could access the information.
Brussels and Washington signed a deal last year on a reworked privacy shield that Meta could use, but the agreement awaits a decision by European authorities on whether it adequately protects data privacy. does.
EU institutions are reviewing the accord, and the bloc’s lawmakers this month called for improvements on the grounds that the safeguards are not strong enough.
The saga has highlighted a conflict between Washington and Brussels over differences between Europe’s stricter approach to data privacy and the comparatively lax regime in the US, which lacks a federal data privacy law.
Meta was fined €265 million late last year by Ireland’s Data Protection Commission for breaching GDPR rules.
The investigation was sparked after reports that hackers found data on more than 533 million users on a website. The data included names, Facebook IDs, phone numbers, locations, dates of birth and email addresses of people from over 100 countries.
Meta previously threatened to pull its services from Europe over the data issues.
In its annual report to the US Securities and Exchange Commission last year, the company said it may need to leave Europe if a new framework is not adopted and the company cannot use the existing protocol model.
If a new agreement is not reached, he warned: “We will likely be unable to offer our most important products and services, including Facebook and Instagram, in Europe”.
Meta may have to undertake a costly and complex revamp of its operations if it is forced to stop shipping user data across the Atlantic. According to the company website, the company has a fleet of 21 data centers, but 17 of them are in the United States. The other three are in the European countries of Denmark, Ireland and Sweden. The other is in Singapore.
The Computer and Communications Industry Association (CCIA) trade association said on Monday that since a 2020 ruling by the European Court of Justice, “organisations and companies of all sizes have been left without clear guidelines for transatlantic data transfers”.
It called on the US and EU to implement a new framework to restore legal certainty.
“Today’s legal uncertainty will remain in place until this new data transfer mechanism is formally approved by EU member states,” said Alexandre Roure, Public Policy Director, CCIA Europe. Adequacy decision without any delay”.
Sorry Comments are closed