Security News > 2023 > May > E.U. Regulators Hit Meta with Record $1.3 Billion Fine for Data Transfer Violations

E.U. Regulators Hit Meta with Record $1.3 Billion Fine for Data Transfer Violations
2023-05-22 17:48

Facebook's parent company Meta has been fined a record $1.3 billion by European Union data protection regulators for transferring the personal data of users in the region to the U.S. In a binding decision taken by the European Data Protection Board, the social media giant has been ordered to bring its data transfers into compliance with the GDPR and delete unlawfully stored and processed data within six months.

Meta has been given five months to suspend any future transfer of Facebook users' data to the U.S. Instagram and WhatsApp, which are also owned by the company, are not subject to the order.

European data protection authorities have repeatedly emphasized the lack of equivalent privacy protections as that of GDPR in the U.S., potentially allowing American intelligence services to access data belonging to Europeans by virtue of them being shipped to servers located in the U.S. The ruling stems from a legal complaint filed by Austrian privacy activist Maximilian Schrems, the founder of NOYB, almost a decade ago in June 2013 over concerns that E.U. user data is not sufficiently protected from U.S. intelligence agencies when transferred across the Atlantic.

"In my view, the new deal has maybe a ten percent chance of not being killed by the CJEU. Unless U.S. surveillance laws get fixed, Meta will likely have to keep E.U. data in the EU.".

Schrems also accused the Irish Data Protection Commission of consistently attempting to block the case from going forward and trying to shield Meta from being slapped with a fine and having to delete the data that has been already transferred, the latter two of which have been overturned by the EDPB. Meta, in response, said it intends to appeal the ruling, calling the fine "Unjustified and unnecessary" and that there is a "Fundamental conflict of law" between the U.S. government's rules on access to data and European privacy rights.

Two weeks later, it was fined €5.5 million for violating data protection laws by compelling its users to "Consent to the processing of their personal data for service improvement and security" and "Making the accessibility of its services conditional on users accepting the updated Terms of Service."


News URL

https://thehackernews.com/2023/05/eu-regulators-hit-meta-with-record-13.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Billion 4 1 0 2 7 10