The Irish Data Protection Commission (DPC) has imposed a record-breaking fine of €1,200,000 on Meta, Facebook’s parent company, for GDPR (General Data Protection Regulation) violations.
The violation concerns Facebook’s practice of transferring the data of EU-based users to US-based servers, hosting that data indefinitely, and processing it without restrictions, very likely also sharing it with other entities.
An almost three-year-long DPC inquiry into the social media platform’s data transfer practices determined that the company violated Article 46(1) of the GDPR. That article concerns transfers of personal data to “third countries” and the need for those to provide appropriate safeguards and effective legal remedies to the data subjects.
However, the U.S. does not have a comprehensive data protection regulation that can be considered equivalent to the GDPR. On the contrary, each state follows a different legal approach, setting its own requirements and restrictions. Hence, the DPC considers transferring user data to the U.S. risky and a violation of the GDPR.
The administrative fine of €1.2 billion ($1.3 billion) is a record-breaking figure, almost double the previous record, Amazon’s €746 million fine imposed by Luxembourg’s data protection regulator. The fine is so hefty that it contradicts the widespread view that data protection legislation is toothless and penalties are too small to have any effect or to effect real change in how businesses manage user data.
Apart from the fine, the Irish DPC also orders Facebook to stop all