David Hackett (head of data protection at Addleshaw Goddard's Dublin office), has described the fine issued to Facebook parent company Meta as “landmark”.
The tech giant has been fined €1.2 billion by the Irish Data Protection Commission (DPC) for breaches relating to the transfer of personal data from the EU to the US.
"This is a real landmark moment. This is the biggest fine we have ever seen imposed by a regulator in Europe. Even in the context of Meta's huge operating revenues, this is a very significant amount, far exceeding the previous record of €746m imposed on Amazon,” he said.
"However, the corrective actions imposed on Meta are arguably even more significant than the fine. The regulator has given Meta five months to suspend EU-US data flows and six months to bring its data processing operations into compliance with GDPR (including ceasing US storage of personal data of EU users which was transferred in violation of GDPR).”
From a compliance perspective these actions may prove a bigger headache for Meta than the fines, Hackett remarked.
"All eyes will now be on the continuing negotiations around the EU-US Data Privacy Framework and whether that arrangement will be implemented in time to grant a reprieve. In the meantime, Meta has indicated it will seek a stay on the order, and appeal the decision."
"The decision is only in respect of Facebook's operations and doesn’t apply to other Meta companies. However, it clearly has huge repercussions for any entities relying on EU approved SCCs to transfer and process personal data in the US."