Last Monday, May 22, Meta was sanctioned because it was found guilty by the Data Protection Commission of having violated the European regulation on data protection, precisely article 46. The fine imposed by the privacy regulator in the European Union is mind-boggling: 1 .2 billion euros. The reason? The incorrect handling and transfer of user information, especially from the European Union to the United States of America. Now the company has five months to stop the data transfer before having to pay.
It all began 5 years ago when Max Schrems, an Austrian lawyer and activist for digital rights, following some statements by Edward Snowden, a former employee of the National Security Agency, denounced Facebook for failing to protect his personal data. This is the first time there has been a legal battle over the transfer of European user data to the United States.
It’s not the first time something like this has happened. In fact, a couple of years ago another giant had been fined very heavily. Amazon received a record €746 million fine imposed by Luxembourg over EU privacy. The company immediately announced that it will appeal the ruling deemed “unjustified and unnecessary”. For this reason, he will ask for the suspension of the DPC orders through the courts.
Andrea Jeline, president of the Edpb, European Data Protection Board, explained the extent of the fine by stating that such serious violations have the only consequences of large-scale sanctions. Even more so if, as Jeline always declares, it is related to “systematic, repetitive and continuous” data transfers as the Californian company would seem to have done. Also, with Facebook having millions and millions of users in Europe alone, the data transfer was colossal. Nick Clegg, and Jennifer Newsteas, respectively President Global Affairs of Meta and Chief Legal Officer, declared through an official post that they are ready to appeal the sentence because, from their point of view, a similar action sets a dangerous precedent for “other companies that transfer data between the EU and the US”. They also added that canceling the ability to transfer data across borders risks constraining the global economy.
At the same time, Meta executives said they were satisfied that the decision does not require suspending the data. Furthermore, they do not even have the obligation to delete what is already stored in their databases. In any case, the company, despite having already announced that it is ready to appeal, does not seem to have a chance that this will be accepted and that the sanction will be modified. The Court of Justice has already explained that there are no legal bases capable of legitimizing intercontinental transfers to the United States. Even standard contractual conditions are not enough as they are unable to guarantee adequate safeguards and truly protect consumers.
This is not a particularly prosperous moment for US society. Since the beginning of 2023 alone, they have already had to lay off 21,000 people. For this reason, the most probable solution, net of the fact that it is absolutely unlikely that Meta will suspend the services provided in the European Union since the Old Continent represents their second largest market after the United States of America, is that Meta will continue to transfer personal data but within the European Union.