A record-breaking fine of 1.2 billion euros has been levied against Meta for sending Facebook user data from Europe to the United States.
The fine was the highest imposed by the General Data Protection Regulation (GDPR) against any organisation.
Meta has been fined €1.2 billion by the European Data Protection Board (EDPB) for violating the General Data Protection Regulation (GDPR).
Meta is said to have breached conditions set out in the pan-EU regulation governing transfers of personal data to third countries without ensuring adequate protections for people’s information. The company was also ordered to stop exporting European Union user data to the US for processing in compliance with the GDPR.
“The EDPB found that Meta IE’s infringement is very serious since it concerns transfers that are systematic, repetitive, and continuous. Facebook has millions of users in Europe, so the volume of personal data transferred is massive. The unprecedented fine is a strong signal to organisations that serious infringements have far-reaching consequences.”
In its binding decision earlier on April 13, 2023, the EDPB instructed the IE DPA to amend its draft decision and to impose a fine on Meta.
“Given the seriousness of the infringement, the EDPB found that the starting point for calculation of the fine should be between 20% and 100% of the applicable legal maximum. The EDPB also instructed the IE DPA to order Meta IE to bring processing operations into compliance with Chapter V GDPR, by ceasing the unlawful processing, including storage, in the U.S. of personal data of European users transferred in violation of the GDPR, within 6 months after notification of the IE SA’s final decision,” EDPB Chair, Andrea Jalinek stated.
The EU data flow restriction would put about 10% of Meta’s global ad income in jeopardy, the company warned investors in April. With the EDPB’s announcement on Monday, that dread has now come true.
A regulation in EU law governing data protection and privacy in the EU and the European Economic Area (EEA) is known as the General Data Protection Regulation (GDPR). The GDPR is a crucial part of EU privacy law and human rights law, particularly Article 8(1) of the European Union’s Charter of Fundamental Rights.
Additionally, it talks about the transfer of personal data outside of the EEA and the EU. The main goals of the GDPR are to make it easier for international businesses to operate legally and to provide individuals with more control and rights over their personal data.
In order to secure the data of Nigerians, Nigeria in 2019 also developed the National Data Protection Regulation (NDPR), which is modeled after the GDPR. There has been a demand for a meaningful data protection law, but little has been accomplished with the regulation’s implementation.