European Union has slammed Meta a record-breaking $1.3 billion for violating EU privacy laws by transferring the personal data of Facebook users to servers in the United States.
The European Data Protection Board announced the fine in a statement Monday, May 20, 2023.
According to the board, this followed an inquiry into Facebook (FB) by the Irish Data Protection Commission, the chief regulator overseeing Meta’s operations in Europe.
The EU regulator said the processing and storage of personal data in the United States contravened Europe’s signature data privacy law, known as the General Data Protection Regulation. Chapter 5 of the GDPR sets out the conditions under which personal data can be transferred to third countries or international organizations.
The fine is the largest ever levied under GDPR. The previous record of €746 million ($805.7 million) was levied against Amazon (AMZN) in 2021.
Meta has also been ordered to cease the processing of personal data of European users in the United States within six months.
Meta’s infringement is “very serious since it concerns transfers that are systematic, repetitive and continuous,” said Andrea Jelinek, chair of the European Data Protection Board.
“Facebook has millions of users in Europe, so the volume of personal data transferred is massive. The unprecedented fine is a strong signal to organizations that serious infringements have far-reaching consequences,” she added.
Meta, which also owns WhatsApp and Instagram, said it would appeal the ruling, including the fine. There would be no immediate disruption to Facebook in Europe, it added.
The company said the root of the issue stemmed from a “conflict of law” between US rules on access to data and the privacy rights of Europeans. EU and US policymakers were on a “clear path” to resolving this conflict under a new transatlantic Data Privacy Framework.