Meta Violates E.U. Data Privacy Rules and Gets the Biggest Fine Yet
June 12, 2023
Ireland’s Data Protection Commission (DPC) fined Meta a record $1.3 billion on May 22, 2023. The DPC ordered Meta to stop transferring data collected from Facebook users in Europe to the United States in violation of Europe’s General Data Protection Regulation (GDPR) data privacy law. Regulators said Meta failed to comply with a 2020 decision by the E.U.’s highest court that Facebook data shipped across the Atlantic was not sufficiently protected. Meta said it was being unfairly singled out for data-sharing practices used by thousands of companies and is appealing. At the same time, E.U. and American officials are negotiating a new data-sharing pact that would provide legal protections for Meta and scores of other companies to continue moving information between the United States and Europe — a pact that could nullify much of the DPC’s ruling.
The DPC decision shows how government policies are upending the borderless way that data has traditionally moved. National security laws and other regulations are increasingly pushing companies to store data within the country where it is collected. Meta said it was being unfairly singled out and plans to appeal. Meta has been a frequent target of regulators under the GDPR. In January, the company was fined $417 million for forcing users to accept personalized ads as a condition of using Facebook. In November, it was fined $284 million for a data leak.
Critical intelligence for general counsel
Stay on top of the latest news, solutions and best practices by reading Daily Updates from Today's General Counsel.
Daily Updates
Sign up for our free daily newsletter for the latest news and business legal developments.