EU fines Meta $1.3 billion for sending European user data to U.S.

The European Union issued its largest fine ever for violations of its data privacy law on Monday, slapping Meta with a $1.3 billion (1.2 billion euro) penalty for transferring the personal data of European users to the U.S., Ireland's Data Protection Commission (DPC) said Monday.

Why it matters: The fine tops the previous largest data privacy fine of 746 million euro against Amazon in 2021 for data protection violations.

• It also comes after Meta received a $414 million penalty from the EU in January for illegally requiring users to agree to personalized and targeted ads.

The DPC ruled that Meta failed to comply with a previous decision by the EU's highest court, which said that Europeans' data could not be sufficiently protected from U.S. intelligence agencies once it enters the U.S.

• The Irish privacy watchdog said it's giving the company a grace period of at least five months to cease any future transfers and to bring its data operations into compliance with the EU's privacy law.

What they're saying: Andrea Jelinek, chair of the European Data Protection Board, said in a statement on Monday that the board found Meta's alleged violation "very serious since it concerns transfers that are systematic, repetitive and continuous."

• "Facebook has millions of users in Europe, so the volume of personal data transferred is massive," Jelinek said in the statement. "The unprecedented fine is a strong signal to organisations that serious infringements have far-reaching consequences."

Nick Clegg, Meta's president of global affairs, and chief legal officer Jennifer Newstead said in a joint statement that the company would appeal the decision, "given the harm that these orders would cause, including to the millions of people who use Facebook every day."

• They said the ability to transfer data across borders was fundamental to a "global open internet" and that without it "the internet risks being carved up into national and regional silos."
• "This decision is flawed, unjustified and sets a dangerous precedent for the countless other companies transferring data between the EU and U.S.," Clegg and Newstead said.

Our thought bubble, via Axios' Ashley Gold: The fine is an expensive result of the EU and U.S. not seeing eye-to-eye on how safe EU user data is in the hands of American companies — a disagreement that has lasted through years of negotiations.

• But Meta doing business in the EU is too important for the company to not find a solution.

The big picture: The fine comes as the EU and the U.S. — which does not have a federal data privacy law — have attempted to negotiate a data-sharing agreement that would allow tech firms to transfer certain information across the Atlantic.

• The EU's highest court struck down a previous agreement in 2020, and tech giants have since had to maneuver between the two wildly different data privacy regimes in the U.S. and the EU.
• President Biden and European Commission President Ursula von der Leyen announced a preliminary deal last year, though EU lawmakers called for improvements to the agreement earlier this month.

Go deeper: European Union approves Microsoft's $69 billion bid for Activision