On Monday 22nd May 2023, a record-breaking EU GDPR fine of €1.2Bn was imposed by the Irish Data Protection Commissioner’s Office on Meta, the Parent Company, of Facebook, Instagram, and Whats App.
The fine of €1.2bn relates to violations of EU GDPR legislation by the Facebook platform only and relates to the sustained and unlawful transfer of user personal data from Europe to the United States of America. The tech giant had previously been warned in 2020 by The European Court of Justice that data processing activities regarding the transfer of data was unlawful. Fines exceeding €2bn have now been imposed on Meta since EU GDPR implementation on 25th May 2018.
In addition to receiving the record breaking financial fine, the DPC has also ordered Meta to cease the transfer of user personal data from European territories to the USA. The tech giant has 5 months to implement this enforcement order. The company has also been given 6 months to stop the unlawful processing, including storage of European user personal data (which has already been transferred across the Atlantic). In essence, European “user” data will now need to be deleted from Facebook servers.
Meta has responded to the sanctions promptly and robustly, confirming that they will appeal what they describe as “an unjustified and unnecessary ruling”. It is evident from their response that the Company considers that the organisation has been “singled out”, as they suggest they are not alone in how the organisation has been transferring EU user data to the USA.
It is Interesting to note the timing of this record ruling with the impending 5th anniversary of the EU GDPR implementation on 25th May 2023. Will the ruling set a precedent for future enforcement decisions by Regulators, we will watch this space!
# EU GDPR #DataSecurity #DataBreach