Regulatory Agencies Slap Record $1.3 Billion Fine Against Meta Due to Data Transfers

On Monday, a European Union court issued a record fine of 1.2 billion euros ($1.3 billion) against the social network platform Meta for violating EU data protection standards by continuing to transmit data obtained from European Facebook users to the United States.

The fine, which was published by Ireland’s Data Protection Commission, could be one of the most significant since the European Union’s landmark data privacy law, the General Data Protection Regulation, went into effect five years ago. Authorities complained that Facebook did not adequately protect data from American espionage agencies before sending it across the Atlantic, as ordered by the top court in the European Union in 2020.

However, it is currently unknown if or when Meta will be required to isolate European Facebook users’ data. Meta has declared its intention to file an appeal, setting in motion a potentially protracted legal battle.

Meanwhile, EU and US officials are negotiating a new data-sharing pact that would provide legal protections for Meta and dozens of other companies to continue moving information between the US and Europe. If successful, this pact could render much of the EU’s ruling on Monday.

Data Laws are Changing Rapidly

However, the EU’s judgment demonstrates how regulations are changing the once seamless flow of data across borders. Companies are under increasing pressure to keep data within the country of collection due to data-protection legislation, national security laws, and other regulations. Previously, data could easily flow to data centers throughout the world.

The charges brought against Meta are the result of official American policy that authorizes the interception of foreign communications, including electronic mail. The Privacy Shield agreement between the United States and the European Union that had permitted Facebook and other corporations to transfer data between the two regions was declared unconstitutional in a lawsuit won by an Austrian privacy campaigner named Max Schrems in 2020. The European Court of Justice ruled that Americans’ potential surveillance of European citizens was unconstitutional.

Meta will have to “fundamentally restructure its systems,” Mr. Schrems said in a statement on Monday unless U.S. monitoring regulations are changed. He suggested that a “federated social network” could be the answer, in which the majority of users’ data would remain within the EU with only “necessary” transfers occurring, such as when a user in Europe sends a direct message to a user in the US.

Meta claimed on Monday that it was being singled out unfairly for data-sharing procedures that are commonplace at thousands of businesses. Facebook president Nick Clegg said: “We are therefore disappointed to have been singled out when using the same legal mechanism as thousands of other companies looking to provide services in Europe.”

Meta’s president of global affairs, Nick Clegg, and chief legal officer, Jennifer G. Newstead, said in a statement, “Without the ability to transfer data across borders, the internet risks being carved up into national and regional silos, restricting the global economy and leaving citizens in different countries unable to access many of the shared services we have come to rely on.“