Internet giant Meta has received a record €1.2 billion fine for breaching Europe’s General Data Protection Regulation (GDPR). The Irish data protection authority DPC announced on Monday in Dublin that this fine had been imposed. The case relates to Facebook’s involvement in mass surveillance by American intelligence agencies, which was exposed ten years ago by US whistleblower Edward Snowden. Max Schrems, an Austrian data protection activist, filed a complaint against Facebook at the time.
This fine, imposed by the DPC, surpasses the previous record €746 million paid by Amazon.com in Luxembourg. In addition, Meta has been prohibited from transferring further European personal data to the United States as the company remains subject to US surveillance laws.
Meta has yet to comment on this record-breaking fine. However, experts assume that the US group will appeal the decision. However, it is possible that the court proceedings could drag on for several years. In the meantime, a new data pact between the European Union and the USA could come into force, which will regulate transatlantic data exchange. Meta had previously threatened several times to withdraw completely from the EU if permanent transatlantic data transfer was not possible.
Max Schrems explained that the fine imposed could have been even higher, as the maximum penalty is over four billion euros. Meta knowingly violated the GDPR for a period of ten years in order to make a profit. Schrems noted that unless US surveillance laws change, Meta will likely need to fundamentally redesign its systems.
The Irish data protection authority DPC had refused for years to take action against Facebook in this case. Finally, the European Data Protection Board (EDPB) obliged the DPC to impose a fine against the social network. This decision only affects Facebook and not other services of the meta group such as Instagram or WhatsApp. However, Meta was fined €390 million by the DPC in January for forcing Facebook and Instagram users to consent to personalized ads.
Since the General Data Protection Regulation came into force five years ago, fines totaling four billion euros have been imposed on Meta. Meta has now made the top ten list of fines six times, bringing the total fine to €2.5 billion. The highest fine in Germany was imposed in 2020 when the fashion chain H&M had to pay 35 million euros due to an insufficient legal basis for data processing in its online shop.