Meta Hit With Landmark $1.3 Billion EU Privacy Fine
Meta Platforms has been fined a record $1.3 billion for violating Europe’s data privacy law.
The fine, announced Monday (May 22) by the Irish Data Protection Commission (DPC), came after the regulator found that Meta violated Europe’s General Data Protection Regulation (GDPR) by failing to protect European Facebook users’ data from U.S. surveillance practices.
Like many tech companies – Microsoft, Uber and Amazon among them – Meta’s European headquarters are in Ireland, which makes that country the main privacy regulator for the firm.
According to multiple media accounts, the fine was the largest on record related to the GDPR, surpassing the $806 million levyagainst Amazon in Luxembourg in 2021.
“We will appeal the ruling, including the unjustified and unnecessary fine, and seek a stay of the orders through the courts,” Meta said on its blog Monday.
Read more:Irish Watchdog Fines Meta For Violations Of Europe’s Data Privacy Law
The company said there would also be “no immediate disruption” to Facebook in Europe, as the decision includes implementation periods that run until later this year.”
In addition to the fine, Meta has until October to “suspend any future transfer of personal data to the US” and six months to cease “the unlawful processing, including storage, in the US” of EU users’ personal data.
The fine stems from a 2020 ruling by the European Court of Justice that quashed an agreement between the U.S. and EU known as the Privacy Shield
The European Court of Justice in 2020 struck down an EU-U.S. data flows agreement known as the Privacy Shield over fears of U.S. intelligence services’ surveillance practices.
As reported here last year, the European court ruled that America’s safeguards for Europeans’ data weren’t strong enough. That left Meta relying on a legal tool known as the Standard Contractual Clauses (SCC) to keep data flowing.
However, the data protection commission said last year – and reaffirmed in Monday’s announcement – that SCCs are not sufficient to comply with the EU court ruling — in other words, the company cannot use this mechanism to move data to the U.S.
Meanwhile, the EU and U.S. are at work on a new data flow arrangement that could be signed before the end of the year.
Meta was also fined by the DPC in January – this time for $422 million – after the commision concluded that Meta Ireland’s advertising business model is not compliant with the GDPR.
Featured News
US Appeals Court Upholds Ruling Denying Copyright for AI-Generated Art
Mar 19, 2025 by
CPI
Morrison Foerster Expands European Antitrust Practice
Mar 19, 2025 by
CPI
HSBC in Advanced Talks to Sell German Fund Unit to BlackFin Capital Partners
Mar 19, 2025 by
CPI
EU’s Antitrust War on Big Tech Heats Up as US Trade Disputes Grow
Mar 19, 2025 by
CPI
Indian Antitrust Authorities Conduct Raids on Global Advertising Firms in Price-Fixing Probe
Mar 19, 2025 by
CPI
Antitrust Mix by CPI
Antitrust Chronicle® – Self-Preferencing
Feb 26, 2025 by
CPI
Platform Self-Preferencing: Focusing the Policy Debate
Feb 26, 2025 by
Michael Katz
Weaponized Opacity: Self-Preferencing in Digital Audience Measurement
Feb 26, 2025 by
Thomas Hoppner & Philipp Westerhoff
Self-Preferencing: An Economic Literature-Based Assessment Advocating a Case-By-Case Approach and Compliance Requirements
Feb 26, 2025 by
Patrice Bougette & Frederic Marty
Self-Preferencing in Adjacent Markets
Feb 26, 2025 by
Muxin Li