Meta Faces Record-Breaking $1.3B EU Fine Over Illicit Data Transfers to the US

Facebook owner Meta faces a staggering $1.3 billion (€1.2 billion) privacy fine by the European Union for transferring EU users' data to its servers in the United States for processing.

The European Data Protection Board (EDPB) announced earlier today that the company has been fined €1.2 billion, the largest fine ever issued under the General Data Protection Regulation (GDPR).

Andrea Jelinek, EDPB Chair, said in an official press statement:

“The EDPB found that Meta IE’s [Ireland’s] infringement is very serious since it concerns transfers that are systematic, repetitive and continuous. Facebook has millions of users in Europe, so the volume of personal data transferred is massive. The unprecedented fine is a strong signal to organisations that serious infringements have far-reaching consequences."

The previous fine record holder is another US behemoth - Amazon - which was fined $888 million in 2021 for similar reasons, i.e. mistreatment of customer data.

In addition to the astronomical fine, Meta has been given five months to “suspend any future transfer of personal data to the US” and six months to stop “the unlawful processing, including storage, in the US” of transferred personal EU data.

Not too long after the EDPB official announcement, Meta issued a statement on their blog confirming that it will appeal the suspension order. Referring to the order as "flawed" and "unjust", the company also defended its own privacy practices and blamed the conflict between US and EU laws.

In the same blog post, Nick Clegg, Meta's Chief Legal Officer, emphasized the efforts the US is making to comply with EU laws, "while [data] transfers continue largely unchallenged to countries such as China." Clegg also advocated for the joint work of "like-minded democracies" to keep the internet from "fracturing under pressure from authoritarian regimes".