The fine was imposed by the Irish Data Protection Commission (DPC), which regulates Meta across the EU, is a record for a breach of the bloc’s General Data Protection Regulation (GDPR).
The suspension of Facebook data transfers is not immediate and Meta has been given five months to implement it.
The DPC fine relates to a legal challenge brought by an Austrian privacy campaigner, Max Schrems, over concerns resulting from the Edward Snowden revelations that European users’ data is not sufficiently protected from US intelligence agencies when it is transferred across the Atlantic.
Meta has six months to cease “the unlawful processing, including storage, in the US” of personal EU data already transferred.
The DPC said Meta infringed GDPR by continuing to transfer EU user data to the US without proper safeguards in place, despite a ruling by the European court of justice in 2020 requiring robust protection of that information. The CJEU ruled that data leaving the EU must have the same level of protection as it would have under GDPR when it reaches its destination outside the EU.
The regulator said data transferred by Facebook under a legal instrument called standard contractual clauses (SCCs) “did not address the risks to the fundamental rights and freedoms of data subjects that were identified by the court of justice in its judgment”.
“We are … disappointed to have been singled out when using the same legal mechanism as thousands of other companies looking to provide services in Europe. This decision is flawed, unjustified and sets a dangerous precedent for the countless other companies transferring data between the EU and US.”
Nick Clegg, the Meta president of global affairs,Jennifer Newstead, the Meta chief legal officer,
Meta said it would appeal against the decision and seek a stay on the data transfer order.
Read More
If you are interested in finding out more about the IISF, or would like to attend one of our Chapter Meetings as an invited guest, please contact the
IISF Secretary:
By email:
secretary@iisf.ie
By post:
David Cahill
Information Security
GPO, 1-117
D01 F5P2
Enhance your Cybersecurity knowledge and learn from those at the coalface of information Security in Ireland
Invitations for Annual Sponsorship of IISF has now reopened.
Sponsors are featured prominently throughout the IISF.IE website, social media channels as well as enjoying other benefits Read more