Meta was fined a record 1.2 billion Euros ($1.3 billion) Monday over the transfer of data collected from users in the European Union to the U.S.
The fine, announced by Ireland’s Data Protection Commission (DPC), is the biggest penalty since the E.U. implemented the General Data Protection Regulation the company is accused of infringing. The amount far surpassed Amazon’s 746 million Euro fine in 2021 for data protection violation. The DPC originally disagreed with other E.U. regulators over Meta’s fine, which resulted in the European Data Protection Board stepping in to impose it.
Meta was ordered to suspend the transfer of user data from the EU to the U.S. The company said it would appeal the decision and the fine. In an annual report published last year, Meta threatened to cut off services for its users in Europe if the dispute over data transferring continued.
“The ability for data to be transferred across borders is fundamental to how the global open internet works,” Nick Clegg, Meta president of global affairs, and Jennifer Newstead, chief legal officer at the company, said in a blog post on Monday. “Without the ability to transfer data across borders, the internet risks being carved up into national and regional silos, restricting the global economy and leaving citizens in different countries unable to access many of the shared services we have come to rely on.”
“We are appealing these decisions and will immediately seek a stay with the courts who can pause the implementation deadlines, given the harm that these orders would cause, including to the millions of people who use Facebook every day,” Clegg and Newstead said.
The ruling was in response to a 2013 lawsuit made by Austrian privacy activist Max Schrems following the Edward Snowden leak, which argued that U.S. law offered no protection against surveillance of data transferred into the country.
The U.S. and E.U. have long struggled to reach an agreement on transatlantic data transfers—due in part to the E.U.’s stricter policies around data privacy and the U.S.’s lack thereof. In their statement, Clegg and Newstead called for an agreement on EU-U.S. data privacy framework to be reached before the DPC’s deadline for compliance so that “services can continue as they do today without any disruption or impact on users.”