EU Imposes Record €1.3 Billion GDPR Fine on Meta for Data Transfers

Record GDPR Fine Against Meta

The European Data Protection Board (EDPB) has imposed a landmark €1.3 billion fine on Meta Platforms, marking the largest penalty ever issued under the General Data Protection Regulation (GDPR). The fine was levied for Meta's continued transfer of European Union users' personal data to the United States without adequate data protection safeguards.

Background and Investigation

The investigation, led by the Irish Data Protection Commission (DPC) as Meta's lead supervisory authority in the EU, found that Meta's reliance on Standard Contractual Clauses (SCCs) for transatlantic data transfers failed to address the risks identified by the Court of Justice of the European Union in its landmark Schrems II ruling.

Implications for Tech Companies

This decision sends a strong signal to all companies engaged in cross-border data transfers. Organizations must now carefully evaluate their data transfer mechanisms and ensure compliance with GDPR requirements. The ruling also accelerates the urgency for a new EU-US data transfer framework.

What's Next

Meta has announced its intention to appeal the decision. Meanwhile, the EU-US Data Privacy Framework is being negotiated to provide a new legal basis for transatlantic data flows.