May 22, 2023 - Economy

EU fines Meta $1.3 billion for sending European user data to U.S.

Meta CEO Mark Zuckerberg in San Jose, California, in December 2022.

Meta CEO Mark Zuckerberg in San Jose, California, in December 2022. Photo: David Paul Morris/Bloomberg via Getty Images

The European Union issued its largest fine ever for violations of its data privacy law on Monday, slapping Meta with a $1.3 billion (1.2 billion euro) penalty for transferring the personal data of European users to the U.S., Ireland's Data Protection Commission (DPC) said Monday.

Why it matters: The fine tops the previous largest data privacy fine of 746 million euro against Amazon in 2021 for data protection violations.

  • It also comes after Meta received a $414 million penalty from the EU in January for illegally requiring users to agree to personalized and targeted ads.

The DPC ruled that Meta failed to comply with a previous decision by the EU's highest court, which said that Europeans' data could not be sufficiently protected from U.S. intelligence agencies once it enters the U.S.

  • The Irish privacy watchdog said it's giving the company a grace period of at least five months to cease any future transfers and to bring its data operations into compliance with the EU's privacy law.

What they're saying: Andrea Jelinek, chair of the European Data Protection Board, said in a statement on Monday that the board found Meta's alleged violation "very serious since it concerns transfers that are systematic, repetitive and continuous."

  • "Facebook has millions of users in Europe, so the volume of personal data transferred is massive," Jelinek said in the statement. "The unprecedented fine is a strong signal to organisations that serious infringements have far-reaching consequences."

Nick Clegg, Meta's president of global affairs, and chief legal officer Jennifer Newstead said in a joint statement that the company would appeal the decision, "given the harm that these orders would cause, including to the millions of people who use Facebook every day."

  • They said the ability to transfer data across borders was fundamental to a "global open internet" and that without it "the internet risks being carved up into national and regional silos."
  • "This decision is flawed, unjustified and sets a dangerous precedent for the countless other companies transferring data between the EU and U.S.," Clegg and Newstead said.

Our thought bubble, via Axios' Ashley Gold: The fine is an expensive result of the EU and U.S. not seeing eye-to-eye on how safe EU user data is in the hands of American companies — a disagreement that has lasted through years of negotiations.

  • But Meta doing business in the EU is too important for the company to not find a solution.

The big picture: The fine comes as the EU and the U.S. — which does not have a federal data privacy law — have attempted to negotiate a data-sharing agreement that would allow tech firms to transfer certain information across the Atlantic.

  • The EU's highest court struck down a previous agreement in 2020, and tech giants have since had to maneuver between the two wildly different data privacy regimes in the U.S. and the EU.
  • President Biden and European Commission President Ursula von der Leyen announced a preliminary deal last year, though EU lawmakers called for improvements to the agreement earlier this month.

Go deeper: European Union approves Microsoft's $69 billion bid for Activision

Go deeper