Please see below comment from David Hackett, Head of Data Protection in Addleshaw Goddard’s Dublin office, regarding Meta’s fine by the Data Protection Commission.
David Hackett, Head of Data Protection in Addleshaw Goddard’s Dublin office, said:
“This is a real landmark moment. This is the biggest fine we have ever seen imposed by a regulator in Europe. Even in the context of Meta’s huge operating revenues, this is a very significant amount, far exceeding the previous record of €746m imposed on Amazon.
However the corrective actions imposed on Meta are arguably even more significant than the fine. The regulator has given Meta five months to suspend EU-US data flows and six months to bring its data processing operations into compliance with GDPR (including ceasing US storage of personal data of EU users which was transferred in violation of GDPR). From a compliance perspective these actions may prove a bigger headache for Meta than the fines.
All eyes will now be on the continuing negotiations around the EU-US Data Privacy Framework and whether that arrangement will be implemented in time to grant a reprieve. In the meantime, Meta has indicated it will seek a stay on the order, and appeal the decision.
The decision is only in respect of Facebook’s operations and doesn’t apply to other Meta companies. However, it clearly has huge repercussions for any entities relying on EU approved SCCs to transfer and process personal data in the US.”