Meta Platforms Ireland Limited (Meta IE), the parent company of Facebook, has been hit with a staggering 1.2 billion euro fine. This makes it the largest General Data Protection Regulation (GDPR) fine ever issued.
The fine comes from the European Data Protection Board’s (EDPB) binding dispute resolution decision on April 13, 2023. The Irish Data Protection Authority (IE DPA) conducted an inquiry into Meta’s Facebook service. It then found violations related to the company’s transfers of personal data to the United States using standard contractual clauses (SCCs) since July 16, 2020.
In addition, the EDPB’s decision not only imposes a hefty penalty. It also requires Meta to bring its data transfers into compliance with GDPR regulations.
Serious Infringements Lead to Unprecedented Consequences
Andrea Jelinek, Chair of the EDPB, emphasized the severity of Meta IE’s infringement. Jelinek stated that the transfers in question were systematic, repetitive, and continuous. Moreover, with millions of Facebook users in Europe, the transfer scale of personal data is massive.
The record-breaking fine also serves as a strong message to organizations that serious violations will have far-reaching consequences. In addition, it highlights the EDPB’s commitment to protecting individuals’ privacy rights in the digital age.
EDPB’s Binding Decision Sets the Stage
The EDPB’s binding decision on April 13, 2023, instructed the IE DPA to revise its draft decision. This imposed a substantial fine on Meta IE. Considering the gravity of the infringement, the EDPB determined that the fine should range between 20% and 100% of the applicable legal maximum. The IE DPA was also directed to order Meta IE to bring its processing operations in line with Chapter V of the GDPR. This includes ceasing the unlawful processing and storage of personal data of European users in the United States. Meta IE has been given a deadline of six months following notification of the IE DPA’s final decision to rectify its data transfer practices.
Collaboration among Authorities Drives Action
The IE DPA’s final decision reflects the legal assessment provided by the EDPB in its binding decision. The decision was reached after the IE DPA initiated a dispute resolution procedure in response to objections raised by several concerned supervisory authorities (CSAs). These objections sought to enforce administrative fines and additional measures to ensure compliance with GDPR standards. The IE DPA’s decision and the EDPB’s binding resolution can be accessed in the Register for Decisions taken by supervisory authorities and courts on issues handled in the consistency mechanism.
Moving Forward with Data Protection
This fine and the EDPB’s binding decision clearly indicate the EU’s commitment to hold tech giants accountable for their actions. It also sends a strong message that organizations must prioritize the privacy and security of user data.
Meanwhile, how Meta IE will respond to this substantial fine remains to be seen.
Source: European Data Protection Board
![[PR Banner] HATASUKILIG Feb Ibig Campaign ()](https://jamonline.ph/wp-content/uploads/2024/02/PR-Banner-HATASUKILIG-Feb-Ibig-Campaign-1-218x150.jpeg "HATASU Launches HATASUKILIG treats and deals!")
