Facebook’s parent company Meta Platform was hit with a fine of nearly 1.2 billion euro in Europe for violating the Personal Information Protection Act.
According to Reuters and others, the Irish Data Protection Committee (DPC) imposed a 1.2 billion euro fine on Meta on the 22nd (local time) for violating the Personal Information Protection Act, suspending the transmission of users’ related data to the U.S. within six months. It also ordered the deletion of related data.
The amount of fines imposed by Meta is the highest ever imposed for violating the Personal Information Protection Act in the European Union (EU Act. In 2021, Luxembourg surpassed the record of 746 million euros bitten by Amazon, the world’s largest e-commerce company.
The DPC fined Meta for continuing to send data to the U.S. even though the European Court of Justice (ECJ), the highest court in Europe, invalidated the transmission agreement between the U.S. and the EU.
“Facebook has a huge amount of personal data sent to Europe with numerous users,” said Andrea Yelinek, chairman of the EU’s Information Security Council. “Unprecedented fines are a strong sign that serious privacy violations can have widespread consequences.”
The issue of Meta’s data storage began when Austrian privacy activist Max Schrems filed a lawsuit based on the revelations of Edward Snowden, a former U.S. National Security Agency employee. Schrems first filed a complaint in 2013 after Snowden exposed the U.S. government’s alleged online data surveillance, saying IT companies such as Facebook were not properly protecting their personal information when transmitting European users’ data to the U.S.
Meta and others have been using data from European users based on the “Safe Harbor” agreement, which stipulates that the EU and the U.S. can transmit European personal information to the U.S. in 2000. However, in October 2015, the European Court of Justice ruled the agreement invalid, saying that these companies did not sufficiently protect privacy.
Accordingly, the U.S. and the EU signed a “Privacy Shield” in 2016 to protect personal information when transmitting it to the U.S. for commercial purposes, but the European Court of Justice ruled that it was invalid again in July 2020 due to concerns over the U.S. government’s monitoring of personal information.