Ireland’s data privacy regulator has fined Meta a record 1.2 billion euros ($1.3 billion) regarding Facebook’s illegal data transfers from Europe to the U.S., the group announced today (May 22). It represents the largest charge against any company since the E.U.’s General Data Protection Regulation (GDPR) became active in 2018.
“The ability for data to be transferred across borders is fundamental to how the global open internet works,” global affairs head Nick Clegg and chief legal officer Jennifer Newstead said in a statement. Meta is being singled out and will appeal the “unjustified and unnecessary fine” in court, the executives said. Of the 10 cases E.U. regulators have concluded against Meta in the last five years, the company has brought seven of them to court. None have resolved.
The Data Protection Commission (DPC), Ireland’s regulator, opened the case in August 2020. The agency found that Meta violated a July 2020 decision by Europe’s highest court that ruled companies could not transfer the personal data of E.U. users to less secure locations—the U.S. being one. The risk of U.S. spy agencies intercepting the transfers violated the privacy rights of E.U. citizens, according to the court. In addition to the fine, the DPC required Meta’s Irish branch, which stores E.U. users’ data, to suspend Facebook’s personal data transfers to the U.S. The company has five months to comply.
Meta owes the most of all companies regarding GDPR-related charges. E.U. regulators have fined the company a sum of $2.8 billion, or 63 percent of the total charges in all of Europe. Despite the high price, the fines don’t make a dent in Meta’s overall revenue. The company earned $117 billion in 2022 alone, according to company earnings reports.
The U.S. is working on a deal with E.U. officials that intends to protect companies moving data into the U.S. The parties reached a preliminary deal last year, but the details are still being negotiated. A new contract could safeguard Meta’s ability to transfer data in the future. If a deal is not reached, the E.U. could require the company to delete E.U. user data from American servers. The move could damage Meta’s ability to earn revenue off European users, as its business model relies on selling targeted advertisements based on user data.
How does Meta’s fine relate to TikTok?
The fine against Meta also shines a light on TikTok, the short-form video competitor owned by ByteDance, a Chinese company. U.S. legislators have rallied around regulating or banning the app in recent months over concerns the Chinese Communist Party has access to U.S. user data. Just as U.S. officials fear foreign governments could intercept data, other countries could be concerned that American agencies have access to user data from American companies like Meta.
The E.U. has similar concerns regarding TikTok, which is spending billions to convince the Western World it is safe. TikTok is allocating $1.5 billion for a data center in Texas and for U.S.-based tech company Oracle to oversee the company’s data transfers. One of three data centers in Europe costs $420 million.