You won’t be spared from transferring data from the EU to the US: Meta fined $1.3 billion

On Monday, Meta was hit with an unprecedented fine of 1.2 billion euros ($1.3 billion) and instructed to cease transferring data gathered from Facebook users in Europe to the United States. This ruling represents a significant blow to the social media giant as it has been found to violate data protection regulations set by the European Union.

BREAKING NEWS: Mark Zuckerberg and META Fined A RECORD $1.3 Billion by the EU for Violating Privacy Laws. ELON MUSK WILL PUT FACEBOOK OUT OF BUSINESS SOONER RATHER THAN LATER!

— Matt Wallace (@MattWallace888) May 22, 2023

The penalty, disclosed by Ireland’s Data Protection Commission, is among the most substantial consequences a company has faced since implementing the General Data Protection Regulation (GDPR) five years ago. Regulators claim that Meta failed to adhere to a 2020 ruling by the European Union’s highest court, which stated that data transferred across the Atlantic was inadequately safeguarded against surveillance by American intelligence agencies.

Who’s the main culprit?

It’s important to note that this ruling applies solely to Facebook and does not encompass Instagram and WhatsApp, which Meta also owns. In response, Meta has stated its intention to appeal the decision and has assured users that there will be no immediate disruption to Facebook services within the European Union.

What is the Ruling set?

Despite the ruling, several steps must be taken before Meta must segregate the data of Facebook users in Europe, which could encompass a range of information such as:

• Photos 
• Friend connections 
• Direct messages 
• data used for targeted advertising. 

The ruling gives Meta a grace period of at least five months to comply, and the company’s appeal is likely to initiate a potentially lengthy legal process.

The world understands privacy now!

The recent decision by the European Union (EU) regarding Meta (formerly known as Facebook) highlights how government policies are changing the way data is handled. Data protection rules, national security laws, and other regulations are leading to a shift where companies are increasingly required to store data within the country where it is collected rather than freely transferring it to data centers worldwide.

This case against Meta originated from US policies that allow intelligence agencies to intercept international communications, including digital messages. In 2020, an Austrian privacy activist named Max Schrems successfully invalidated the US-EU data transfer agreement known as Privacy Shield. The European Court of Justice ruled that the risk of US surveillance violated the fundamental rights of European users.

Next week the #GDPR hits #5yearsGDPR – @johnnyryan has (again) done a great job getting facts and numbers together!

IMHO the national executive (aka DPAs) largely undermined the EU legislator's intention of serious privacy enforcement – which is not only a problem for privacy, https://t.co/7kPb88AJwP

— Max Schrems 🇪🇺 (@maxschrems) May 15, 2023

Schrems also stated that unless US surveillance laws are improved, Meta must make significant system changes. He suggested the idea of a “federated social network” where most personal data would remain in the EU, with only necessary transfers occurring when a European user sends a direct message to someone in the US.

The Facts on News Reports About Facebook Data

What happened next?

Meta argued it was unfairly targeted since many companies employ similar data-sharing practices. They expressed concerns about the potential fragmentation of the internet into national and regional silos, which could limit the global economy and impede citizens’ access to shared services.

The ruling, which resulted in a record fine under the General Data Protection Regulation (GDPR), was expected. Meta’s chief financial officer had previously revealed that around 10% of its global ad revenue came from EU countries. Meta and other companies are hopeful for a new data agreement between the US and the EU to replace the invalidated Privacy Shield. Negotiations for the agreement are still ongoing.

Complying with the ruling could pose technical challenges for Meta, as it may need to delete significant amounts of data related to EU Facebook users. This task is complicated due to the interconnected nature of Internet companies.

Critics in play

Critics of the GDPR argue that it has yet to fulfill its initial promise, primarily due to a lack of enforcement. The provision requiring regulators in the country where a company has its EU headquarters to enforce the privacy law has faced criticism. Ireland, home to the regional headquarters of Meta and other major tech companies, has been under scrutiny.

• A board decided against Meta of EU representatives, overriding the Irish authorities. The commission imposed the €1.2 billion fine and demanded that Meta address the data collected about users, potentially including deletion.

What’s extracted?

The European Data Protection Board, which set the fine, sees it as a solid message to organizations that serious infringements will have significant consequences. Meta has been a frequent target of GDPR penalties, including fines for forcing users to accept personalized ads and for a data leak.

The decision caters to the ongoing tension between data privacy, national stability, and the changing nature of the internet. The need for continued dialogue between governments, tech companies, and privacy advocates to address these challenges and ensure the protection of user data in an increasingly digitized world.