Facebook’s owner, Meta, has been fined a record €1.2bn (£1bn) and ordered to suspend the transfer of user data from the EU to the US by Ireland’s Data Protection Commission.
The €1.2bn fine imposed by Ireland’s Data Protection Commission (DPC), which regulates Meta across the EU, is a record for a breach of the bloc’s General Data Protection Regulation (GDPR). The suspension of Facebook data transfers is not immediate and Meta has been given five months to enact it.
The DPC punishment relates to a legal challenge brought by an Austrian privacy campaigner, Max Schrems, over concerns resulting from the Edward Snowden revelations that European users’ data is not sufficiently protected from US intelligence agencies when it is transferred across the Atlantic. Meta has also been given six months to stop “the unlawful processing, including storage, in the US” of personal EU data already transferred across the Atlantic, meaning that user data will need to be removed from Facebook servers.
This fine will hopefully remind companies that they can’t decide the fate of their user’s personal information themselves. Mishandling data can have damaging consequences on real people. Not only can people be analysed in terms of shopping habits and then targeted with adverts but sensitive information in the wrong hands can also lead to cybercrime and identity fraud. In fact, fines relating to the mishandling of our personal information need to be bigger and quicker for those who are meant to protect our data.