Facebook Fined A Record Sh178.8B For Data Violation

Meta, the parent company of Facebook, was fined a historic 1.2 billion euros ($1.3 billion) on Monday by Ireland’s regulator for unlawfully transferring EU user data to the United States, violating a previous court ruling.

The Irish Data Protection Commission (DPC), representing the European Union, received orders from the European Data Protection Board (EDPB) to impose the fine. The investigation into Meta Ireland’s data transfers has been ongoing since 2020.

According to the court ruling, Meta, headquartered in Dublin, was found to have neglected addressing the risks to data subjects’ fundamental rights and freedoms as stated in a prior ruling by the Court of Justice of the European Union (CJEU).

Nick Clegg, Meta’s president of global affairs, responded in a blog post to the ruling party with disappointment, criticizing it as flawed, unjustified, and potentially setting a dangerous precedent.

Meta’s chief legal officer Jennifer Newstead added their intention to appeal the decision’s substance, including the fine, and seek a court stay to pause implementation deadlines.

The tech giant faced significant fines from EU regulators due to data breaches on its Instagram, WhatsApp, and Facebook services, amounting to hundreds of millions of euros. This year alone, it has received three fines in the EU and four within the past six months.

In January, Meta was fined 390 million euros by the DPC for violating data rules in its targeted advertising practices and in March, a fine of 5.5 million euros was imposed on Meta for breaching GDPR with its WhatsApp messaging service.

According to Clegg and Newstead, the decision by the EDPB to override the DPC raises significant concerns. They added that no other country has made greater efforts than the US to align with European rules through recent reforms, while data transfers to countries like China continue with little scrutiny.

EDPB Chair Andrea Jelinek characterized Meta’s infringement as highly serious, describing its data transfers as systematic, repetitive, and continuous. She emphasized that the unprecedented fine sends a strong message to organizations about the far-reaching consequences of severe infringements.

Max Schrems, who initiated a decade-long legal battle challenging Meta’s movement of EU data to the US, expressed his support for the decision. However, the privacy activist believed that even more severe sanctions could have been applied given Meta’s intentional violation of the law for financial gain.​​​​​​​