Meta fined $1.3B for violating EU GDPR data transfer rules on privacy

From CSO: Meta has been fined $1.3 billion (€1.2 billion) by the Irish Data Protection Commission (DPC) for violating the terms of the EU’s GDPR by continuing to transfer EU users’ data to the US without adequate safeguards.

Meta has failed to “address the risks to the fundamental rights and freedoms" of Facebook's European users, the DPC said in a statement. In addition to the fine, Meta has been given five months to stop the transfer of Facebook data to the US via so-called standard contractual clauses (SCCs).

SCCs have been used by companies to transfer EU data to the US since the Court of Justice of the European Union (CJEU) ruled that the Privacy Shield agreement that was in place to facilitate the flow of data did not sufficiently protect data from US spy agencies. The ruling, in 2020, struck down the agreement and tightened requirements around the use of SCCs, a separate legal tool that was also being widely used by companies to transfer data to the US.

View: Full Article