Meta, the parent company of Instagram and Facebook, has been slapped with a record breaking fine by Ireland’s Data Protection Commission (DPC) for mishandling people’s data during transfers between Europe and the United States.
This penalty represents the largest fine to date under the European Union’s General Data Protection Regulation (GDPR) privacy law, which outlines specific guidelines that companies must adhere to when transferring user data outside of the EU.
Meta contested the €1.2bn (£1bn) fine, with their president of global affairs Nick Clegg saying, “We are disappointed to have been singled out when using the same legal mechanism as thousands of other companies looking to provide services in Europe.
“This decision is flawed, unjustified and sets a dangerous precedent for the countless other companies transferring data between the EU and US.”
The primary issue at hand revolves around the utilisation of standard contractual clauses to facilitate the movement of European Union data to the US, which incorporate measures to ensure the continued protection of personal data during cross-border transfers.
However, concerns persist regarding the exposure of European citizens to the less stringent privacy laws of the US, potentially granting US intelligence agencies access to the transferred data.
International Association of Privacy Professionals representative, Caitlin Fennessy, said, “The size of this record-breaking fine is matched by the significance of the signal it sends. Today’s decision signals that companies have a whole lot of risk on the table.”
Speaking to the BBC however, the Information Commissioner’s Office clarified that the ruling “does not apply in the UK”.
[Image via Shutterstock]