Meta chief executive Mark Zuckerberg. The Facebook, Instagram and WhatsApp parent says it's being unfairly singled out. Photo / Getty Images
Meta chief executive Mark Zuckerberg. The Facebook, Instagram and WhatsApp parent says it's being unfairly singled out. Photo / Getty Images
Meta on Monday (Tuesday NZT) was fined a record €1.2 billion euros ($2.1b) and ordered to stop transferring data collected from Facebook users in Europe to the United States, in a major ruling against the social media company for violating European Union data protection rules.
The penalty, announced by Ireland’sData Protection Commission, is potentially one of the most consequential in the five years since the EU enacted the landmark data privacy law known as the General Data Protection Regulation. Regulators said the company failed to comply with a 2020 decision by the EU’s highest court that Facebook data shipped across the Atlantic was not sufficiently protected from U.S. spy agencies.
But it remains unclear if or when Meta will ever need to cordon off the data of Facebook users in Europe. Meta said it would appeal the decision, setting up a potentially lengthy legal process.
At the same time, EU and U.S. officials are negotiating a new data-sharing pact that would provide legal protections for Meta and scores of other companies to continue moving information between the United States and Europe — a pact that could nullify much of the EU’s ruling Monday. A preliminary deal was announced last year.
The ruling, which comes with a grace period of at least five months before Meta needs to comply, applies only to Facebook and not Instagram and WhatsApp, which Meta also owns. The company said there would be no immediate disruption to Facebook’s service in the EU.
Still, the EU decision shows how government policies are upending the borderless way data has traditionally moved. As a result of data-protection rules, national security laws and other regulations, companies are increasingly being pushed to store data within the country where it is collected, rather than allowing it to move freely to data centers around the world.
The case against Meta stems from U.S. policies that give intelligence agencies the ability to intercept communications from abroad, including digital correspondence. The European Court of Justice said the risk of U.S. snooping violated the fundamental rights of European users.
On Monday, Meta said it was being unfairly singled out for data-sharing practices used by thousands of companies.
