1.2 billion penalty to Meta
1.2 billion penalty to Meta
META Ireland has been fined 1.2 billion euros by the Irish Data Protection Authority for non-compliance with data protection regulations.
It is undeniable that the figure is shocking, especially if we know that it is the largest fine ever imposed by a European authority.
Reason for sanction to META Ireland
META Ireland has been sanctioned for transferring personal data of European users of the social network Facebook to data centers in the United States, which were then used by the intelligence services of that country.
Therefore, the sanction is directed only at Facebook and not at Instagram or WhatsApp.
Moreover, these data transfers were, in the words of Andrea Jelinek, Chairman of the European Data Protection Committee, “systematic, repetitive and continuous”, taking into account that they involved a massive volume of data processing.
The investigation began in 2020 and it has been this Monday when the final decision has been made known, so it has been a difficult case to solve due to the complexity of the situation, as well as the legal absences.
Conclusions of the Irish sanctioning authority
First:
The level of protection of the U.S. legal system is not equivalent to the European legal system.
Second:
The standard contractual clauses drawn up in 2020 and 2021 are not sufficient to guarantee data protection at the European level in the face of US legislation.
Third:
Meta Ireland has no complementary measures to compensate for the inadequate protection provided by U.S. law.
Fourth:
The exceptions provided for in Article 49 of the GDPR do not apply to the transfer of data by META.
Fifth:
Meta Ireland has violated Article 46.1 of the GDPR by transferring personal data to a third country, which does not provide adequate safeguards, as well as data subjects do not have enforceable rights and effective legal remedies.
What is the penalty imposed on META Ireland?
The Irish authority has decided the following:
5-month deadlineto stop transferring data from the EU to the US.
-6 months todelete all shared European user data.
Imposea fine of 1.2 billion euros for non-compliance.
Positioning of META Ireland
Meta Ireland considers this decision to be an “unjustified and unnecessary fine” and will therefore appeal, as expected.
META’s card up its sleeve at the moment is that, during the time it takes to appeal the Irish authority’s decision, the Trans-Atlantic Data Privacy Framework Agreement may see the light of day.
What is the Trans-Atlantic Data Privacy Framework?
Trans-Atlantic Data Privacy Framework is the framework agreement on data privacy that should govern the transfer of data between the EU and the US, under the standards of protection required by European regulations, through an adequacy process.
After the cancellation of the EU-US Privacy Shield in July 2020, actions have been taken to regulate this situation because such transatlantic transfers continue to take place, and the problem of ensuring data protection is still present.
Following the adoption of the framework agreement between the EU and the US in March 2022 on this subject, as well as the Executive Order (EO 14086) issued by President Joe Biden on October 7, 2022, the following improvements were included in the guarantees for data protection by the US:
–Limitingaccess to data by U.S. intelligence authorities to what is strictly necessary and proportionate for the purpose of protecting national security.
-Strict supervisionof the activities carried out by the U.S. intelligence services.
–Creationof a specific, independent and impartial data protection court where data subjects can exercise their rights with respect to the processing of their data by the U.S. national security authorities.
In February of this year, the European Data Protection Board(EDPB) applauded these improvements on the US side; however, it expressed some concerns related to commercial issues and government access to data transferred to the US from the EU.
This Agreement has not yet been approved, and therefore is not yet in force, so we will have to wait for its publication, which is expected for the summer.
Business Adapter® at your service
If you need advice, contact us by email: info@businessadapter.es, you can also call 96 131 88 04, or leave your message in this form:
[su_button url=”https://businessadapter.es/contacto” target=”blank” background=”#f6f903″ color=”#181818″ size=”7″ center=”yes” icon_color=”#000000″]Contact us, we will be pleased to help you.[/su_button]