As expected, Ireland’s privacy regulator has levied a record fine against Meta over its handling of EU user data.
News broke last week that Ireland’s Data Protection Commission (DPC), the EU’s privacy watchdog, was preparing to hand Meta a record fine over EU to US transfers of user data. According to The Irish Times, the DPC has revealed its decision, fining the American company €1.2 billion.
Andrea Jelinek, chair of the European Data Protection Board (EDPB), said Meta’s actions were “very serious,” especially since data is continually transferred to US servers.
“Facebook has millions of users in Europe, so the volume of personal data transferred is massive. The unprecedented fine is a strong signal to organisations that serious infringements have far-reaching consequences.”
At the same time, DPC Commissioner Helen Dixon said there was some disagreement among EU regulators, with four of the 47 disagreeing with the “corrective power” proposed in the initial draft of her decision, which was released last July.
“All four … took the view that Meta Ireland should be subject to an administrative fine for the infringement that was found to have occurred. Two of those … also took the view that Meta Ireland should be ordered to take action to address the personal data that had already been unlawfully transferred to the US, ie the data transferred from July 2020 to the present,” Dixon said.
“The Data Protection Commission disagreed, reflecting its view that the exercise of additional corrective powers, beyond the proposed suspension order, would exceed the extent of powers that could be described as being ‘appropriate, proportionate and necessary’ to address the infringement.”
Nick Clegg, Meta’s head of global affairs, slammed the decision:
“This decision is flawed, unjustified and sets a dangerous precedent for the countless other companies transferring data between the EU and US,” Clegg said.
Given Meta’s history of appealing the DPC’s decisions, there is no reason to believe it won’t appeal this one as well.