Ireland’s Data Protection Commission (DPC) has officially slapped Facebook and Instagram parent Meta with a record €1.2 billion fine ($1.30 billion at the current exchange rate) over allegedly unlawful user-data transfers.
The EU’s European Data Protection Board (EDPB) today confirmed what it says is “the largest GDPR fine ever,” having compelled the DPC to impose a financial penalty on Meta with a binding resolution last month. For background, the same Dublin-based government agency initiated the overarching inquiry in August of 2020, after a complaint was submitted against Menlo Park-headquartered Meta concerning its transfer of EU residents’ Facebook user data to the U.S.
(Today’s fine isn’t to be confused with the comparatively modest €390 million/$421.67 million that the DPC ordered Meta to cough up back in January as a result of alleged personalized-advertising practices that violated the EU’s General Data Protection Regulation.)
On the heels of “a comprehensive investigation,” the DPC in July of 2022 determined that the transfers in question had violated Article 46 of the above-highlighted GDPR, or the section of the voluminous law pertaining to “appropriate safeguards” for the “transfer [of] personal data to a third country or an international organisation.”
Article 60 of the GDPR instructs the “lead supervisory authority” (Ireland’s DPC in this instance) to “cooperate with the other supervisory authorities concerned…to reach consensus.” Though these other authorities concurred that Meta should be made to cease the transfers, four of the 47 involved entities disagreed with the DPC’s preliminary decision not to move forward with a fine.
In keeping this time with GDPR Article 65 (“Dispute resolution by the Board”), the matter was forwarded to the European Data Protection Board, which handed down the aforesaid binding resolution last month.
Legally obligated to render its own final decision “on the basis” of the Board’s findings, Ireland’s DPC then settled upon the $1.3 billion fine, gave Meta five months to stop transferring user data to the States, and set a six-month deadline for the company “to bring its processing operations into compliance.” Needless to say, the penalty’s severity is worth keeping in mind as the EU pursues different inquiries in and around the music space.
Addressing the fine in a statement, EDPB chair Andrea Jelinek communicated in part: “Facebook has millions of users in Europe, so the volume of personal data transferred is massive. The unprecedented fine is a strong signal to organisations that serious infringements have far-reaching consequences.”
Earlier in May, Italian Society of Authors and Publishers (SIAE) works returned to Instagram and Facebook despite the organization’s ongoing licensing dispute with Meta. And in the U.S., the Federal Trade Commission one week ago proposed a blanket ban on Meta’s monetizing underage users’ data.
Notwithstanding these and other less-than-encouraging points, the price of Meta stock (NASDAQ: META) has roughly doubled since 2023’s beginning; at the time of writing, shares were hovering around $250 apiece.