Listen
to
this
post
On
May
22,
2023,
the
Irish
Data
Protection
Commission
(the
“DPC”)
announced
a
€1.2
billion
fine
against
Meta
Ireland
for
unlawfully
transferring
personal
data
to
the
U.S.
In
this
landmark
decision,
the
DPC
considered
that
even
though
Meta
Ireland
relied
on
the
EU
Standard
Contractual
Clauses
in
conjunction
with
additional
supplementary
measures
to
legitimize
its
data
transfers
to
the
U.S.,
these
arrangements
were
not
sufficient
to
address
the
requirements
arising
from
the
Court
of
Justice’s
Schrems
II
judgment.
In
addition
to
the
fine,
the
DPC
ordered
Meta
Ireland
to
suspend
any
future
transfers
of
personal
data
to
the
U.S.
within
five
months.
Meta
Ireland
is
also
required
to
cease
unlawful
processing,
including
storage,
in
the
U.S.
of
personal
data
of
EEA
users
transferred
in
violation
of
the
GDPR,
within
six
months.
As
a
reminder,
the
DPC’s
earlier
draft
decision
did
not
impose
a
fine
on
Meta
Ireland.
The
record
fine
arises
from
EDPB’s
Article
65
binding
decision,
after
supervisory
authorities
in
other
countries
raised
objections.
Meta
Ireland
has
stated
that
it
will
appeal
the
decision.
Read
the
DPC’s
decision
and
the
EDPB’s
Article
65
binding
decision.