Meta's Data Privacy Fine

Facebook's parent company, Meta, has been fined a record $1.3B by Ireland’s Data Protection Commission for violating EU privacy regulations and was ordered to stop transferring user data to US servers. Ireland’s DPC ruled Meta, whose European headquarters are in Dublin, violated the EU General Data Protection Regulation specifically pertaining to user data utilized for targeted online advertising.

The ruling stems from a 2013 lawsuit in Austria, which argued US law failed to provide adequate protection against surveillance of data transferred to the US. The US, which has a relatively relaxed privacy system, and the EU have long held contrasting views over data privacy (see 101). A previous agreement covering EU-US data transfers, known as the Privacy Shield, was struck down in 2020. The US and the EU reached an agreement on a reworked Privacy Shield framework last year, which is still pending approval.

Under the ruling, Meta has five months to stop transferring user data to the US and six months to ensure future data storage and processing comply with regulations. Meta said it will appeal the decision.