Ireland’s Data Protection Commission on Monday fined Meta $1.3 billion for privacy violations and ordered the U.S. tech giant to stop transferring user data across the Atlantic by October
The penalty was imposed following a three-year investigation into how Meta Ireland sends personal data from the European Union to the United States in the delivery of its Facebook service, according to a news release from the DPC, which has regulatory jurisdiction because Meta’s European operation is headquartered in Dublin.
The DPC had proposed a much smaller fine and placed a block on the illegal transfer of data in contravention of the EU’s 2016 General Data Protection Regulation. But a spat among regulators elsewhere in the 27-country bloc saw the European Data Protection Board overrule it.
The ruling found that Meta Ireland infringed on GDPR when it continued to transfer personal data from the EU to the United States even after the EU Court of Justice ruled against Facebook Ireland in a case brought by the Data Protection Commissioner in July 2020.
Meta, which said there would be no immediate disruption to Facebook in Europe, pledged to appeal the ruling, including the “unjustified and unnecessary fine,” and seek a stay of the orders through the courts, saying it set a “dangerous precedent” for companies that transfer data between the EU and the United States.