Meta (formerly Facebook) has been hit with a formal suspension order requiring it to stop exporting user data from the European Union to the U.S. for processing. The European Data Protection Board (EDPB) announced on May 22 that Meta Platforms Ireland Limited has been fined €1.2 billion by the Irish Data Protection Authority for violating the provisions of the EU-wide regulation, which governs the transfer of personal data to so-called third countries (in this case, the U.S.) without ensuring adequate protection of citizens’ data. The authority confirmed that this is the largest fine ever imposed under the General Data Protection Regulation (GDPR). In 2021, Amazon was fined $887 million for misusing customer data for the purpose of targeted advertising.
Meta was also given six months to stop the unlawful processing, including storage, in the U.S. of EU personal data that has already been transferred across the Atlantic, meaning the user data must be removed from Facebook’s servers. The decision does not affect data transfers on Meta’s other main platforms, Instagram and WhatsApp. Meta announced it would appeal the decision and request a stay of the data transfer order. The company said it was “singled out,” even though thousands of other companies use the same data transfer processes.
Meta reported net income of $23.2 billion last year.
