Meta is to be fined a record-busting £1 billion by the European Union over the transfer of user data to the US.
The EU’s privacy regulators, including Ireland’s Data Protection Commission (DPC), are set to impose the huge fine amid concerns the transfers expose EU citizens to weaker data privacy regulation in the US and adds futher pressure on the US government to strike a deal with the bloc over the management of personal data.
Last year, Facebook threatened to suspend its services in Europe if it was prohibited from moving data to the US. The previous record fine imposed by EU regulators over privacy standards was handed to Amazon in 2021 and stood at €746m (£647m).
The Irish regulator is set to order a pause on all data transfers to the US that rely on contractual clauses it has called into question. The decision is only set to impact Meta’s Facebook app and will not affect its other apps Instagram and WhatsApp.
Meta said it would contest the fine and said the suspension would cause harm to “the millions of people who use Facebook every day.”
Nick Clegg, Meta’s president of global affairs, and Jennifer Newstead, chief legal officer, said the ruling would risk splitting the internet into “national and regional silos, restricting the global economy and leaving citizens in different countries unable to access many of the shared services we have come to rely on.”
The fine comes just days before the fifth anniversary of implementation of the the EU’s notorious GDPR data protection regulations. The UK continues to adopt a version of these rules despite no longer being a member of the bloc.
Daisy Fulton, a data protection specialist at law firm BDB Pitmans, said: “The eye-watering fine of €1.2 billion was imposed on Meta Ireland for its failure to protect individuals’ personal data when sending that data to the US. Meta Ireland had failed to do this even after a European Court judgement had made it clear that those protections needed to be in place.
“As the law in the UK is currently very similar to the EU, we may find the UK taking a similar approach. That means businesses in the UK who are transferring personal data to the US should sit up and take notice and ensure they have the necessary protective measures in place to avoid a large fine themselves.”