European watchdog fines Meta $1.3 billion over privacy violations

A European privacy regulator slapped Facebook parent company Meta with a record $1.3 billion fine over transfers of user data to the United States.
A European privacy regulator slapped Facebook parent company Meta with a record $1.3 billion fine over transfers of user data to the United States.
Jeff Chiu/AP

Tech giant Meta must pay a record 1.2 billion euros — nearly $1.3 billion — for breaching European Union privacy laws.

Meta, which owns Facebook, had continued to transfer user data from countries in the European Union and the European Economic Area to the United States despite being suspended from doing so in 2021, an investigation by Ireland's Data Protection Commission (DPC) found.

The unprecedented penalty from the European Data Protection Board, announced on Monday, is intended to send a strong signal to organizations "that serious infringements have far-reaching consequences," the regulator's chair, Andrea Jelinek, said in a statement.

Meta, which also owns WhatsApp and Instagram, plans to appeal the ruling and will seek to suspend the case from proceeding in court.

Create a More Connected Minnesota

MPR News is your trusted resource for the news you need. With your support, MPR News brings accessible, courageous journalism and authentic conversation to everyone - free of paywalls and barriers. Your gift makes a difference.

"This decision is flawed, unjustified and sets a dangerous precedent for the countless other companies transferring data between the EU and U.S.," President of Global Affairs Nick Clegg and Chief Legal Officer Jennifer Newstead said in a statement.

The privacy battle between Meta and EU courts began when an Austrian privacy activist won a decade-long lawsuit to invalidate a U.S.-E.U. data-moving pact.

Known as Privacy Shield, that agreement had allowed Facebook and other companies to transfer data between the two regions. It was struck down in 2020.

The DPC has also ordered Meta suspend all future data transfers within the next five months and make compliant all European data currently stored in the U.S. within the next six months. That's information including photos, friend connections, direct messages and data collected for targeted advertising.

The U.S. and the EU are currently negotiating a new data-moving agreement, called the Data Privacy Framework, and they are expected to reach a deal this summer. If that agreement is inked before the DPC's deadlines expire, "services can continue as they do today without any disruption or impact on users," Meta said in its statement.

DPC's fine on Meta is the largest penalty imposed by a European regulator on a tech company since the EU slapped Amazon with a 746 million euro fine in 2021.

The European Court of Justice has said the risk of U.S. snooping violates the fundamental rights of European users. And regulators say Meta has failed to sufficiently protect data from American spy agencies and advertisers.

There is currently no disruption to Facebook in Europe, Meta said in the statement.

Copyright 2023 NPR. To see more, visit https://www.npr.org.