Meta was fined a record-breaking $1.3 billion by European Union data protection officials for illegally transferring users’ personal data from Europe to the United States. This is the most severe punishment yet levied under the EU’s General Data Protection Regulation (GDPR).
The European Data Protection Board (EDPB) issued a legally enforceable ruling requiring Meta to align its data transfers with GDPR regulations and to destroy illegally kept and processed data within six months. Furthermore, Meta was given five months to stop any further transfers of Facebook user data to the United States.
This judgement stems from a court challenge made over a decade ago by Austrian privacy campaigner Maximilian Schrems, who was concerned about the lack of effective security for EU user data from US mass surveillance activities. Schrems argued for acceptable limits in surveillance legislation in the United States, highlighting the necessity of probable cause and court authorisation for monitoring actions. He also accused the Irish Data Protection Commission (DPC) of impeding the investigation and sheltering Meta from fines and data erasure.
Meta announced its intention to appeal the verdict, claiming that the punishment was unreasonable and unnecessary. It suggested that there is a fundamental legal contradiction between U.S. government data access standards and European privacy rights.
The sources for this piece include an article in TheHackerNews.