Facebook’s owner, Meta, has been fined a record €1.2bn (£1bn) and ordered to suspend the transfer of user data from the EU to the US.
The fine – equivalent to $1.3bn – imposed by Ireland’s Data Protection Commission (DPC), which regulates Meta across the EU, is a record for a breach of the bloc’s General Data Protection Regulation (GDPR).
The suspension of Facebook data transfers is not immediate and Meta has been given five months to implement it.
It’s a tough time for Meta. Can AI help make the company relevant again?
The DPC punishment relates to a legal challenge brought by an Austrian privacy campaigner, Max Schrems, over concerns resulting from the Edward Snowden revelations that European users’ data is not sufficiently protected from US intelligence agencies when it is transferred across the Atlantic.
Meta has also been given six months to stop “the unlawful processing, including storage, in the US” of personal EU data already transferred across the Atlantic, meaning that user data will need to be removed from Facebook servers.
The ruling does not affect data transfers at Meta’s other main platforms, Instagram and WhatsApp. Meta said it would appeal against the decision and seek a stay on the data transfer order.