Facebook Fined Record $1.3 Billion Over EU User Data Transfers to the US

[MacRumors]

Facebook owner Meta has been hit with a record $1.3 billion (€1.2 billion) fine by European Union regulators for mishandling user information, and has been ordered to suspend the transfer of data from users in the EU to the United States.

The fine was issued by Ireland's Data Protection Commission, which regulates Facebook across the EU, after it ruled that the social network's data transfers to the U.S. "did not address the risks to the fundamental rights and freedoms" of EU users and violated General Data Protection Regulation.

The fine constitutes the largest ever imposed under the EU's GDPR privacy law, the previous one being a €746 million penalty issued to Amazon in 2021 for similar privacy violations.

In addition to the fine, Meta was given five months to suspend any future transfer of personal data to the U.S., and six months to end "the unlawful processing, including storage, in the U.S." of transferred personal data. Instagram and WhatsApp, which Meta also owns, are not subject to the order.

A previous mechanism to legally transfer personal data between the U.S. and the EU, known as the "Privacy Shield" pact, was struck down by the EU bloc's top court in 2020. The Irish regulator alleged that Meta infringed on the EU's GDPR laws when it continued to transfer personal data to the U.S. after 2020 despite the court ruling.

The issue has been ongoing for a decade after a legal challenge brought by Austrian privacy activist Max Schrems against Facebook in 2013, over concerns resulting from the Edward Snowden revelations that EU user data is not sufficiently protected from U.S. intelligence agencies when transferred across the Atlantic.

"This decision is flawed, unjustified and sets a dangerous precedent for the countless other companies transferring data between the EU and U.S.," said Nick Clegg, Facebook's president of global affairs, responding to the decision in a blog post. "We will appeal the ruling, including the unjustified and unnecessary fine, and seek a stay of the orders through the courts."

Article Link: Facebook Fined Record $1.3 Billion Over EU User Data Transfers to the US

 

[wanha]

Couldn't have happened to a nicer company

 

[contacos]

This can have a huge impact on other companies as well. Google Analytics for example is already deemed illegal in the EU, yet businesses keep using it. Technically Office 365 or Teams would not even be allowed. I am sure even Apple is sending some data like the IP to the US (and yes, the EU deems an IP personal data)

 

[krspkbl]

Can Facebook please just die already (Instagram and WhatsApp too)? Disgusting vile company. The world would actually be better without it.

 

[wanha]

This can have a huge impact on other companies as well. Google Analytics for example is already deemed illegal in the EU, yet businesses keep using it. Technically Office 365 or Teams would not even be allowed. I am sure even Apple is sending some data like the IP to the US (and yes, the EU deems an IP personal data)

No doubt this ruling can (and in all likelihood will) have some unintended consequences.

The EU's focus is on regulation and they're rather ignorant on innovation, which is why they often don't see foresee the problems their regulatory flexing creates until it's way too late and innovation has moved elsewhere.

 

[DarthDon]

Marky Zuckerberg's day is propably ****ed. Well done, EU.

 

[t0rqx]

In the meantime everyone is calling out China over privacy. While the US just transfer data without any serious consequences. The data is already transferred the fine is pennies. Who knows how much data is already transferred without us knowing.

 

[cicalinarrot]

In the meantime everyone is calling out China over privacy. While the US just transfer data without any serious consequences. The data is already transferred the fine is pennies. Who knows how much data is already transferred without us knowing.

The China thing is... a little different.
Not that Facebook isn't dangerous or hasn't accepted money to help dictatorships interfere with foreign elections.

 

[Vespi]

Just ban Facebook and other meta owned apps in EU already

 

[swingerofbirch]

Seem awfully concerned about following the law to the letter when they've had no compunctions about skirting it at every turn to keep Apple happy.

 

[Leon Ze Professional]

Get down deeper Meta down.
Down, down Meta down.
Down, down Meta down.
Get down deeper Meta down.

I want all the world to see.
To see you're laughing,
and you're laughing at me [insert Meta here]...

 

[Kottu]

Hope that EU can pull some strings on Tiktok as well.

 

[nothingtoseehere]

There is a thing that I, living in Germany and therefore in the EU, do not understand:
After that mentioned court rule, countless sites/forums/portals sent new data protection arrangements to me, asking me for my consent to transfer data to the US. Of course, I clicked OK without looking at that tedious texts in detail.
Why didn‘t Facebook do this?

 

[Col4bin]

Probably just the tip of the iceberg…

 

[steve09090]

Hilarious! But does this stop Meta from using the data inside the EU?

 

[contacos]

There is a thing that I, living in Germany and therefore in the EU, do not understand:
After that mentioned court rule, countless sites/forums/portals sent new data protection arrangements to me, asking me for my consent to transfer data to the US. Of course, I clicked OK without looking at that tedious texts in detail.
Why didn‘t Facebook do this?

I heard giving consent is not sufficient either (one of the reasons Google Analytics is deemed illegal) because in order to know that you would have given consent, they already had to check things like your IP to know it is even you. At that point the ship has already sailed so to speak.

The issue isn’t even META, it’s the POTENTIAL of the US government demanding access to European citizens data on foreign soil by using U.S. based services. The issue is the US itself being deemed UNSAFE when it comes to personal data protection

 

[Candy Apple+ Nutz]

This ship has sunk. I bet Mark Suckyourdata will be the only one with a lifeboat.

 

[TheYayAreaLiving 🎗️]

It’s 4:29 AM, I woke up to write:

-The fine should have been $10.3 Billion Dollars.
-Never Ever TRUST Facebook.
-Shut down Facebook to save Humanity.

 

[cthompson94]

Just ban Facebook and other meta owned apps in EU already

But then the rise of the blue/green bubbles will form!

 

[constructor]

In the meantime everyone is calling out China over privacy. While the US just transfer data without any serious consequences. The data is already transferred the fine is pennies. Who knows how much data is already transferred without us knowing.

Classic whataboutism response. Chinese privacy invasions are very much being looked at as well, most of those are just more difficult to track and block.

 

[Wanted797]

Can Facebook please just die already (Instagram and WhatsApp too)? Disgusting vile company. The world would actually be better without it.

I’m so annoyed they got instagram and WhatsApp.

Both were such awesome apps before being connected to facebook shenanigans.

 

[constructor]

No doubt this ruling can (and in all likelihood will) have some unintended consequences.

Personal privacy is a fundamental human right and its protection overrides less important concerns.

If a business model is based on the violation of fundamental rights then it has no justification to exist, simple as that.

 

[constructor]

The issue isn’t even META, it’s the POTENTIAL of the US government demanding access to European citizens data on foreign soil by using U.S. based services. The issue is the US itself being deemed UNSAFE when it comes to personal data protection

The main issue is the US government's refusal to give credible assurances about respecting european users' data privacy on US soil, reserving the right to invade it whenever they feel like it.

That is why the ludicrous Privacy Shield agreement was correctly found to be worthless as was its equally pointless successor: Both were just PR fig leaves without any actual effect.

 

[rgeneral]

The fine should be all revenue meta received in the EU.

 

[wanha]

Personal privacy is a fundamental human right and its protection overrides less important concerns.

If a business model is based on the violation of fundamental rights then it has no justification to exist, simple as that.

But it isn't as simple as that.

We could go scorched earth in the name of privacy and eliminate ALL data collection that isn't explicitly agreed to, but we'd cause far more harm than we'd solve with such a unilateral and simplistic view.

There'a always a line to be drawn, because life isn't about a single priority. It's an amalgamation of countless priorities and it's society's job how to best balance them all.