The EU has slapped Meta with a $1.3 billion fine for sending European user data to the US where it alleges it can be accessed by American spy agencies without the users having enough in the way of an appeal. Meta has been ordered to stop the data transfers and delete any data already sent within six months.
The $1.3 billion fine surpasses the previous record, an $806 million GDPR fine against Amazon imposed in Luxembourg back in 2021 for privacy violations in its advertising business. The decision also puts more pressure on the US to complete a trans-Atlantic deal that’ll let companies like Meta keep the data flow between the two continents alive.
Meta will be appealing the ruling and seeking a motion to delay the suspension orders. The company called the fine “unjustified and unnecessary”, while also highlighting that the fine isn’t about Meta’s or any single company’s privacy practices, but “a fundamental conflict of law between the US government’s rules on access to data and European privacy rights”.
This conflict of law in question refers to the aforementioned data transfer deal that the EU and US are currently negotiating that could take effect as early as this summer, or might get extended to late October 2023. Previously, this data transfer was protected by the Privacy Shield, a trans-Atlantic pact that was ruled out in 2020 after the top EU court found out that it didn’t protect the data in question from being scrapped by American intelligence programs.
Despite the monumental fine, some experts don’t think this is going to have much of an effect on Meta’s privacy practices. Additionally, it’s also one of the thousands of companies that use similar data transfer practices. In Meta’s case, data transfer is necessary for its ad-targeting business, which requires processing data streams generated from users.
In order to comply with the current ruling, it’ll have to at least try and re-engineer its systems to keep as much European data in Europe and process it there, a project that’ll be quite complex. The company has maintained its stance for a while now, even claiming that it’ll have to shut down Facebook and Instagram in the EU if it’s not allowed to send the data back.
In the News: Neeva is shutting down its search operations