The EU has imposed a record fine on Facebook parent company Meta for forwarding user data to the United States. Meta is also asked to stop the data transfer. The digital association Bitkom warned that Europe should not set up a data blockade.
The EU is taking action in the data protection dispute with the Facebook parent company Meta. The Irish data protection commission responsible for the company (Data Protection Commission, DPC) has, according to its own information, imposed a record fine of 1.2 billion euros on the Facebook parent company Meta – justified by a violation of the European General Data Protection Regulation (GDPR).
The background is the dispute that has been going on for years about the transfer of data from Facebook users from the EU to US servers. The DPC has now given Meta five months to stop data transfers to the United States.
The trigger was a complaint from the Austrian data protection advocate Max Schrems. It is about fears that US secret services could access the information of European users. Schrems filed a complaint against Facebook at the time. The current decision only relates to this social network, not to other services from the meta group – such as Instagram or WhatsApp.
The concerns arose in the wake of the NSA revelations by US whistleblower Edward Snowden ten years ago. In 2020, the European Court of Justice invalidated an EU-US data transfer agreement. A new framework agreement was concluded in March, but is not yet in force. In the course of the dispute, Meta had stated that the measures could ultimately lead to the Facebook services in Europe having to be discontinued.
Meta speaks of “wrong decision”
Following the Irish authorities’ decision, Meta announced that it would appeal. It was an “unjustified and unnecessary punishment,” the company said. For the time being, nothing will change for users in Europe and there will be no disruptions.
The decision also requires Meta to stop any further transfer of European personal data to the United States as the company remains subject to US surveillance laws.
Data protection officer Schrems announced that the fine imposed could have been much higher: “The maximum fine is over four billion. And Meta has knowingly violated the GDPR for ten years in order to make a profit.” According to Schrems, if US surveillance laws are not changed, Meta will now have to fundamentally restructure its systems. The court cases could stretch for years.
Bitkom: New legal framework – top priority
However, it is also possible that a new data package will come into force between the European Union and the USA, which will regulate transatlantic data traffic.
According to the German digital association Bitkom, this is also urgently needed. “Europe must not set up a transatlantic data blockade,” warned Bitkom CEO Bernhard Rohleder. “The decoupling of the EU from the offers and services of the international data economy leads to digital isolation and harms the people and companies of Europe far more than it benefits them.” A functioning legal framework for international data transfers between the EU and the USA must now have top priority for politicians.
According to Rohleder, German, European and US companies alike would not be able to maintain their offers if they had to severely restrict or completely stop data traffic and communication between the US and Europe. “What is imminent is an interruption in international data transfers, which would have at least as great an impact on the German and European economy as the disruption of physical supply chains – and which would also be felt by the citizens.” It is about the use of cloud storage and standard software from US providers as well as communication in social networks or the use of video conference systems.
previous penalty more personalized Advertising
The Irish data protection authority DPC had refused to take action against Facebook for years. Ultimately, the European Data Protection Board (EDPB) obliged the DPC to impose a fine on the social network.
The DPC had already fined Meta €390 million in January for forcing Facebook and Instagram users to consent to personalized ads. So far, fines of four billion euros have been imposed with the new penalty for Meta since the General Data Protection Regulation came into force five years ago.
Meta is now represented six times in the list of the ten highest fines, the penalties add up to 2.5 billion euros. The fashion chain H&M had to pay the highest fine in Germany – at 35 million euros – in 2020 because of an insufficient legal basis for the data processing of its online shop.