EU slaps Meta with $1.3 billion fine over data privacy breach

Meta, the parent company of Facebook and Instagram, has been ordered to pay a record $1.3 billion (€1.2 billion) fine by the European Union for failing to comply with the bloc’s stringent privacy rules.

What are the EU’s privacy rules?

The EU privacy rules, also known as the General Data Protection Regulation (GDPR), are a set of regulations that aim to protect the personal data and privacy of EU citizens. The GDPR requires companies to obtain consent from users before collecting and processing their data and to provide them with clear and transparent information about how their data is used and shared. The GDPR also gives users the right to access, correct, delete, and transfer their data, and to object to or restrict its use.

How did Meta violate the GDPR?

The fine was imposed, according to the Irish Data Protection Commission (DPC), the primary EU regulator for Meta, because Meta had not taken all necessary precautions to ensure the privacy of EU users’ data when it was transferred to the US. The DPC found that Meta had persisted in relying on Privacy Shield, a legal framework that the EU’s top court had declared ineffective in 2020 because it was insufficiently effective at protecting users from US government surveillance. The DPC also said that Meta had failed to provide clear and comprehensive information to users about its data transfers and the risks involved.

What are the consequences of the fine?

The fine, which surpasses the previous record set by Amazon by the data protection authority of Luxembourg in July 2020, of $887 million (€746 million), is the largest ever imposed under the GDPR. The fine amounts to about 4% of Meta’s global revenue in 2020, which is the maximum penalty allowed under the GDPR. The DPC also ordered Meta to immediately stop transferring EU users’ data to the US unless it could ensure an equivalent level of protection as required by the GDPR. Meta has said it will appeal the decision and challenge its legal basis.

What are the implications of the fine?

The fine is a major blow to Meta, which has faced increasing scrutiny and criticism over its handling of user data and its impact on society. Meta has also been accused of spreading misinformation, hate speech, and harmful content on its platforms and of undermining democracy and human rights around the world. The fine could also have wider implications for other US tech giants that transfer EU users’ data across the Atlantic, such as Google, Apple, and Microsoft. They could face similar fines or legal challenges if they do not comply with the GDPR or find alternative ways to safeguard their data transfers.