data protection
Record fine against Facebook parent company Meta
The Facebook group Meta is to pay a record fine of 1.2 billion euros. photo
© Rafael Henrique/SOPA Images via ZUMA Press Wire/dpa
No other internet giant has received as many fines as Meta in the five-year history of the European General Data Protection Regulation. Now it hits the Facebook group again with a record penalty.
The Facebook group Meta has received a record fine of 1.2 billion euros for violating the European General Data Protection Regulation (GDPR). This was announced by the Irish data protection authority DPC on Monday in Dublin.
The case is about Facebook’s involvement in mass surveillance by Anglo-American secret services, which was uncovered ten years ago by US whistleblower Edward Snowden. At the time, the Austrian data protection activist Max Schrems filed a complaint against Facebook.
The fine imposed by the DPC dwarfs the previous record fine of 746 million euros for Amazon.com in Luxembourg. In addition, Meta must stop any further transfer of European personal data to the United States as the company remains subject to US surveillance laws.
Threat of withdrawal from Europe
However, experts assume that the US group will appeal the decision. However, court proceedings can take years. By then, a new data pact could come into force between the European Union and the USA, which would regulate transatlantic data traffic. Meta had previously threatened to withdraw completely from the EU if transatlantic data transfer was not permanently possible.
Schrems explained that the fine imposed could have been much higher: “The maximum fine is over four billion. And Meta has knowingly violated the GDPR for ten years to make a profit.” If US surveillance laws are not changed, Meta will probably have to fundamentally restructure its systems, Schrems explained.
The Irish data protection authority DPC had refused for years to take action against Facebook in this matter. Ultimately, the European Data Protection Board (EDPB) obliged the DPC to impose a fine on the social network. The current decision only relates to Facebook, not to other services from the meta group such as Instagram or WhatsApp.
Meta top managers Nick Clegg (President Global Affairs) and Jennifer Newstead (Chief Legal Officer) described the DPC’s decision as “incorrect and unjustified” in an initial reaction. It sets a dangerous precedent for the countless other companies that transfer data between the EU and the US. “The decision also raises serious questions about a regulatory process that allows the European Data Protection Board to overrule a lead regulator in this way, disregarding the findings of its multi-year investigation, without giving the affected company the right to be heard.”
So far, fines of four billion euros have been imposed with the new penalty for Meta since the General Data Protection Regulation came into force five years ago. Meta is now represented six times in the list of the ten highest fines, the penalties now total 2.5 billion euros. The fashion chain H&M had to pay the highest fine in Germany of 35 million euros in 2020 because of an insufficient legal basis for the data processing of its online shop.
Notice from the Irish Data Protection Authority