EU fines Facebook $1.3 billion for privacy violations

Meta has five months to put in place measures to halt future data transfers and six months to end U.S. storage of the data it already has.

Chat with MarTechBot

The European Union fined Meta $1.3 billion on Monday saying Facebook’s parent company broke the bloc’s laws by transferring E.U. citizens’ user data to the United States. The Irish Data Protection Commission, which handed down the order, said the transfers violated the E.U.’s General Data Protection Regulation (GDPR). Meta’s European headquarters are in Dublin.

Dig deeper: ChatGPT under threat from European regulators

This is the largest GDPR fine ever handed down, surpassing the previous record of $887 million against Amazon in 2021. The ruling gives Meta five months to put in place measures to halt future transfers of personal data to the United States and six months to stop “the unlawful processing, including storage, in the US of personal data of EU/EEA users transferred in violation of the GDPR.”

Why we care. If the ruling is put in place Facebook would have to delete a huge amount of data and restructure its IT systems at a very fundamental level. It also would have enormous implications for any company transferring data between the two areas.

The best hope for staying the ruling is a new data transfer treaty between the U.S. and E.U.

Until 2020, these transfers were protected by the Privacy Shield treaty between the two governments. That year the E.U.’s highest court invalidated the treaty by ruling it did not sufficiently protect E.U. citizens’ data from American spy agencies. 

Negotiations have been underway since the high court’s ruling. Last year, President Biden and Ursula von der Leyen, the president of the European Union, announced the outlines of a deal, but the details are still being hammered out. No doubt Monday’s decision will increase the pressure on the U.S. to get it done. However, the complexity of the issues makes it difficult to move quickly.

By the numbers. May 25 will be the fifth anniversary of GDPR, and Privacy Affairs has been tracking the fines – all 1,701 of them, for a grand total of over $4 billion:

  • Meta accounts for over 50% of all GDPR fines – the company has amassed $2.5 billion in penalties.
  • Meta has been fined seven times – including four just in 2022.
  • By comparison, Amazon and Google have combined for more than $800 million in GDPR fines.

Only Facebook. The decision applies only to Facebook and not other Meta-owned platforms such as Instagram and WhatsApp.

The company said it plans to appeal.

“This decision is flawed, unjustified and sets a dangerous precedent for the countless other companies transferring data between the EU and U.S.,” Nick Clegg, Meta’s president of global affairs, and Jennifer Newstead, its chief legal officer, said in a statement.

Email:


About the author

Constantine von Hoffman
Staff
Constantine von Hoffman is managing editor of MarTech. A veteran journalist, Con has covered business, finance, marketing and tech for CBSNews.com, Brandweek, CMO, and Inc. He has been city editor of the Boston Herald, news producer at NPR, and has written for Harvard Business Review, Boston Magazine, Sierra, and many other publications. He has also been a professional stand-up comedian, given talks at anime and gaming conventions on everything from My Neighbor Totoro to the history of dice and boardgames, and is author of the magical realist novel John Henry the Revelator. He lives in Boston with his wife, Jennifer, and either too many or too few dogs.

Fuel up with free marketing insights.