Meta collects record fine of 1.2 billion euros
Facebook group Meta has received a record fine of 1.2 billion euros for a breach of the European General Data Protection Regulation (GDPR). This was announced by the Irish data protection authority DPC in Dublin on Monday. The case is about Facebook's involvement in mass surveillance by Anglo-American intelligence agencies, which was uncovered ten years ago by US whistleblower Edward Snowden. Austrian privacy activist Max Schrems brought a complaint against Facebook at the time.
The fine imposed by the DPC dwarfs Amazon.com's previous record fine of €746 million in Luxembourg. It also requires Meta to stop any further transfer of European personal data to the United States, as the company remains subject to U.S. surveillance laws.
Meta threatens to pull out of Europe
However, experts believe that the U.S. company will appeal the decision. The legal proceedings, however, could stretch on for years. In the meantime, a new data pact between the European Union and the U.S. could come into force, which would re-regulate transatlantic data traffic. Meta had previously threatened several times to withdraw completely from the EU if transatlantic data transfer was permanently not possible.
Schrems explained that the fine imposed could have been much higher: "The maximum fine is over four billion. And Meta knowingly violated the GDPR for ten years to make a profit." If U.S. surveillance laws are not changed, Meta will now likely have to fundamentally restructure its systems, Schrems explained.
The Irish data protection authority DPC had refused to take action against Facebook on the matter for years. Ultimately, the European Data Protection Committee (EDSA) obliged the DPC to impose a fine on the social network. The current decision only applies to Facebook, not to other services from the Meta group such as Instagram or WhatsApp.
In an initial reaction, Meta top executives Nick Clegg (President Global Affairs) and Jennifer Newstead (Chief Legal Officer) called the DPC's decision "flawed and unjustified." They said it sets a dangerous precedent for the countless other companies that transfer data between the EU and the US. "The decision also raises serious questions about a regulatory process that allows the European Data Protection Board to overrule a lead regulator in this way and disregard the findings of its multi-year investigation without giving the affected company the right to be heard."
To date, Meta's new penalty has resulted in four billion euros in fines since the General Data Protection Regulation came into force five years ago. Meta is now represented six times in the list of the ten highest fines, with penalties now totaling 2.5 billion euros. The highest fine in Germany, 35 million euros, was imposed on fashion chain H&M in 2020 for an insufficient legal basis for the data processing of its online store.