As a result of a conclusive decision European Data Protection Board (EDPB) of April 13, 2023, Meta Platforms Ireland Limited (Meta IE) was fined €1,2 billion following an investigation by the Irish Data Protection Authority (IE DPA) into the Facebook service. This fine is the highest fine ever imposed under the GDPR. It was imposed for Meta's transfer of personal data to the United States under Standard Contractual Clauses (SCCs) effective July 16, 2020. In addition, Meta was obliged to adapt the transfer of data to the principles of the GDPR.
Andrea Jelinek, Chair of the EDPB, said: “The EDPB concluded that the infringement committed by Meta IE is very serious because it involves systematic, repeated and continuous transmissions. Facebook has millions of users in Europe, so the amount of personal data transferred is enormous. The unprecedented fine is a strong signal to the organization that this is serious “violations have far-reaching consequences.”.
Also read: Norway – Oslo, fjords, nature and attractions waiting for tourists
In its binding decision of 13 April 2023, the EDPB instructed the IE DPA to amend the draft decision and impose a fine on Meta IE. Due to the seriousness of the infringement, the EDPB considered that the starting point for calculating the fine should be between 20% and 100% of the maximum permissible fine. The EDPB also directed the IE DPA to instruct Meta IE to bring its processing operations into line with Chapter V of the GDPR by stopping the unlawful processing, including storage, in the United States of European users' personal data transferred in violation of the GDPR within 6 months of notification of IE SA's final decision.
The final decision of the IE DPA takes into account the legal and statutory assessment expressed by the EDPB in its binding decision, taken pursuant to Art. 65 sec. 1 lit. a GDPR after the IE DPA, acting as the lead supervisory authority (LSA), launched a dispute resolution procedure in relation to allegations made by several concerned supervisory authorities (CSAs). Among others, supervisory authorities have reported allegations aimed at imposing an administrative fine and/or an additional order to bring the processing into compliance.
Like us on Facebook and share our post with others. Thank you.
Source: European Data Protection Board
