EU draws the line on privacy: Meta hit with $1.3 billion fine
The European Union fined Meta $1.3 billion, ordering to end the transfers of European data to the United States by October. Fine pertains to user data used for targeted ads, following Edward Snowden's surveillance disclosures.
Mark Zuckerberg speaks in Washington at Georgetown University on Oct. 17, 2019. Meta, the parent company of Facebook, has been slapped with a fine of $1.3 billion by the European Union for the transfer of user data to the United States.
Nick Wass/AP/file
London
The European Union slapped Meta with a record $1.3 billion privacy fine Monday and ordered it to stop transferring users personal information across the Atlantic by October, the latest salvo in a decadelong case sparked by United States cybersnooping fears.
The penalty of 1.2 billion euros is the biggest since the EU鈥檚 strict data privacy regime took effect five years ago, surpassing Amazon鈥檚 746 million euro fine in 2021 for data protection violations.
Meta, which had previously warned that services for its users in Europe could be cut off, vowed to appeal and ask courts to immediately put the decision on hold.
The company said, 鈥渢here is no immediate disruption to Facebook in Europe.鈥 The decision applies to user data like names, email and IP addresses, messages, viewing history, geolocation data, and other information that Meta 鈥 and other tech giants like Google 鈥 use for targeted online ads.
鈥淭his decision is flawed, unjustified and sets a dangerous precedent for the countless other companies transferring data between the EU and U.S.,鈥 Nick Clegg, Meta鈥檚 president of global affairs, and chief legal officer Jennifer Newstead said in a statement.
It鈥檚 yet another twist in a legal battle that began in 2013 when Austrian lawyer and privacy activist Max Schrems filed a complaint about Facebook鈥檚 handling of his data following former National Security Agency contractor Edward Snowden鈥檚 revelations of electronic surveillance by U.S. security agencies. That included the disclosure that Facebook gave the agencies access to the personal data of Europeans.
The saga has highlighted the clash between Washington and Brussels over the differences between Europe鈥檚 strict view on data privacy and the comparatively lax regime in the U.S., which lacks a federal privacy law. The EU has been a global leader in reining in the power of Big Tech with a series of regulations forcing them to police their platforms more strictly and protect users鈥 personal information.
An agreement covering EU-U.S. data transfers known as the Privacy Shield was struck down in 2020 by the EU鈥檚 top court, which said it didn鈥檛 do enough to protect residents from the U.S. government鈥檚 electronic prying. Monday鈥檚 decision confirmed that another tool to govern data transfers 鈥 stock legal contracts 鈥 was also invalid.
Brussels and Washington signed a deal last year on a reworked Privacy Shield that Meta could use, but the pact is awaiting a decision from European officials on whether it adequately protects data privacy.
EU institutions have been reviewing the agreement, and the bloc鈥檚 lawmakers this month called for improvements, saying the safeguards aren鈥檛 strong enough.
Ireland鈥檚 Data Protection Commission handed down the fine as Meta鈥檚 lead privacy regulator in the 27-nation bloc because the Silicon Valley tech giant鈥檚 European headquarters is based in Dublin.
The Irish watchdog said it gave Meta five months to stop sending European user data to the U.S. and six months to bring its data operations into compliance 鈥渂y ceasing the unlawful processing, including storage, in the U.S.鈥 of European users鈥 personal data transferred in violation of the bloc鈥檚 privacy rules.
If the new transatlantic privacy agreement takes effect before these deadlines, 鈥渙ur services can continue as they do today without any disruption or impact on users,鈥 Meta said.
Mr. Schrems predicted that Meta has 鈥渘o real chance鈥 of getting the decision materially overturned. And a new privacy pact might not mean the end of Meta鈥檚 troubles, because there鈥檚 a good chance it could be tossed out by the EU鈥檚 top court, he said.
鈥淢eta plans to rely on the new deal for transfers going forward, but this is likely not a permanent fix,鈥 Mr. Schrems said in a statement. 鈥淯nless U.S. surveillance laws gets fixed, Meta will likely have to keep EU data in the EU.鈥
Meta warned in its latest earnings report that without a legal basis for data transfers, it will be forced to stop offering its products and services in Europe, 鈥渨hich would materially and adversely affect our business, financial condition, and results of operations.鈥
The social media company might have to carry out a costly and complex revamp of its operations if it鈥檚 forced to stop shipping user data across the Atlantic. Meta has a fleet of 21 data centers, according to its website, but 17 of them are in the United States. Three others are in the European nations of Denmark, Ireland, and Sweden. Another is in Singapore.
Other social media giants are facing pressure over their data practices. TikTok has tried to soothe Western fears about the Chinese-owned short video sharing app鈥檚 potential cybersecurity risks with a $1.5 billion project to store U.S. user data on Oracle servers.
聽This story was reported by the Associated Press.