Meta, formerly known as Facebook, has been hit with a record-breaking fine of €1.2 billion by EU ($1.3 billion) data regulators for violating privacy regulations. The company has also been ordered to cease transferring the data of EU citizens to the US. The ruling by Ireland’s Data Protection Commission (DPC) stems from concerns about privacy violations and follows whistleblower Edward Snowden’s revelations about US mass surveillance programs in 2013.
Read: Elon Musk names Linda Yaccarino new Twitter CEO
The DPC found that the current legal framework for data transfers to the US did not sufficiently protect the fundamental rights and freedoms of Facebook’s EU users. This fine surpasses the previous EU record of €746 million imposed on Amazon in 2021 for similar privacy breaches.
Transferring data to the US is vital for Meta’s ad-targeting operations, which rely on processing personal data from its users. Meta had previously threatened to shut down Facebook and Instagram in the EU if it couldn’t transfer data back to the US, a move seen as a form of blackmail by EU politicians.
Data transfers were previously protected by the transatlantic pact known as the Privacy Shield, but it was declared invalid in 2020 due to its failure to safeguard data from US surveillance programs. The ruling was a result of a claim by Austrian lawyer Max Schrems, who has been battling Facebook since 2013 over privacy concerns.
While Meta has been instructed to halt data transfers, there are some exceptions. The ruling only applies to Facebook data, not other Meta-owned platforms like Instagram and WhatsApp. There is also a grace period of five months before Meta must stop future transfers, with a final deadline of October 22nd. Negotiations are underway between the EU and the US for a new data transfer agreement, potentially in place by this summer or October.
Despite the hefty fine, experts doubt that it will significantly impact Meta’s privacy practices. The company’s revenue far exceeds the amount of the fine. More substantial measures will be necessary to ensure effective data protection.


