Meta, Facebook’s owner, has been fined 1.2 billion Euro for mishandling data when transferring it between Europe and US.
The fine was issued by Ireland’s Data Protection Commission or DPC.
It is the largest fine ever under the EU’s General Data Protection Regulation privacy Law.
The GDPR rules require companies to look for consent before using anyone’s data.
Meta is looking to appeal the fine stating it is “unjustified and unnecessary”.
This decision comes due to the use of SCCs or standard contractual clauses to move EU data to the United States.
The legal contracts were made by the European Commission, and they include safeguards to protect personal data when it is transferred outside of Europe.
However, there have been concerns that the data flows are still exposing Europeans to the US’s weaker laws on privacy.
Meaning that US intelligence could have access to the data.
Most bigger companies have many complex data transfers that can include phone numbers, email addresses and financial information to people overseas.
A lot of these depend on SCCs.
Meta claims that their wide use makes this fine unfair.
Nick Clegg, Facebook’s President said, “We are therefore disappointed to have been singled out when using the same legal mechanism as thousands of other companies looking to provide services in Europe.”
Continuing, “This decision is flawed, unjustified and sets a dangerous precedent for the countless other companies transferring data between the EU and the US.”
10 years ago, in 2013, former US National Security Agent contractor Edward Snowden revealed that American authorities had accessed people’s information using technology companies like Google and Facebook on multiple occasions.
Mac Schrems, a privacy campaigner, filed a legal challenge against Facebook for failing to protect his privacy rights.
This, in turn, led to a 10-year battle over the legality of moving data from the European Union to the United States.
The European Court of Justice has repeatedly said Washington’s checks in place to protect European data, is not sufficient.
In 2020, the European Court of Justice ruled a European Union, United States data transfer agreement invalid.
However, the European Court of Justice had left an opportunity for companies that use SCCs.
Saying that the transfer of data to any other third country was valid, so long as it ensure an “adequate level of data protection”.
According to Ireland’s DPC, Meta has failed to meet this level of data protection and subsequently, was fined for it.
Mr Schrems was asked about the fine, he said that he was “happy to see this decision after 10 years of litigation”.
However, it could have been much higher.
Adding “Unless US surveillance laws get fixed, Meta will have to fundamentally restructure its systems,”
The United States did update its internal legal protections recently, this was to give the European Union assurances that American intelligence agencies would follow the new rules.
In 2021, amazon received a fine for defying the EU’s privacy standard.
Alongside Facebook, Ireland’s DPC has also slapped a fine on WhatsApp, which is also owned by Meta.
The fine was for breaching strict regulations that relate to the clarity of data shared between its other subsidiaries.
To protect your business from breaching data protection laws, our managed IT services can help.
Contact us and find out more.
Itek provides IT solutions for your entire IT infrastructure. Your business can experience a cost-effective service at a predictable fixed rate, removing the burden from you and your team and freeing you to focus on your goals.