twitter, facebook, together-292989.jpg

Facebook Hit with 1.2 Billion Euro Penalty by Irish DPA

Facebook Hit with 1.2 Billion Euro Penalty by Irish Data Protection Authority

Meta Platforms Ireland Limited (Meta IE) has been slapped with a record 1.2 billion euro fine by the Irish Data Protection Authority (IE DPA) due to its mishandling of personal data transfers to the U.S through its Facebook service. The European Data Protection Board’s (EDPB) binding decision, issued on 13 April 2023, precipitated this unprecedented fine, which is the heftiest under GDPR to date. Additionally, Meta has been mandated to align its data transfers with GDPR regulations.

EDPB Chair, Andrea Jelinek, emphasized the gravity of Meta IE’s violation, describing it as “systematic, repetitive, and continuous.” She highlighted that the vast number of European Facebook users means the scale of data transferred is colossal. Jelinek noted that the substantial fine serves as a potent warning to organizations regarding the severe repercussions of significant violations.

On 13 April 2023, the EDPB directed the IE DPA to revise its initial decision and impose a fine on Meta IE. The EDPB, considering the severity of the violation, suggested that the fine should range between 20% and 100% of the legal maximum. Additionally, the EDPB ordered Meta IE to halt illegal processing, including the storage of European users’ personal data in the U.S, and comply with GDPR’s Chapter V within six months of the IE DPA’s final notification.

The IE DPA’s definitive decision reflects the EDPB’s legal evaluation and addresses the objections raised by other supervisory authorities. The decision is recorded in the Register for Decisions taken by supervisory authorities and courts on matters dealt with through the consistency mechanism.