Owner
and
operator
of
social
media
site
Facebook,
Meta
Platforms
Ireland
(Meta
IE),
is
facing
a
record
€1.2bn
(US$1.2
bn)
fine
after
an
investigation
by
the
Irish
Data
Protection
Authority
(IE
DPA)
into
its
data
transfer
practices.
Meta
has
also
been
instructed
to
ensure
its
data
transfers
meet
General
Data
Protection
Regulation
(GDPR)
standards.
The
fine,
which
is
the
largest
ever
GDPR
fine
issued
ever,
was
imposed
by
the
European
Data
Protection
Board
(EDPB)
for
Meta
IE’s
transfers
of
personal
data
to
the
US
for
standard
contractual
clauses
from
July
2020.
According
to
EDPB
Chair,
Andrea
Jelinek,
Meta
IE’s
GDPR
infringement
is
“very
serious”
as
the
transfers
were
“systematic,
repetitive
and
continuous”
and
concern
a
large
volume
of
personal
data.
Jelinek
said
of
the
fine:
“The
unprecedented
fine
is
a
strong
signal
to
organizations
that
serious
infringements
have
far-reaching
consequences.”
In
a
binding
dispute
resolution
decision
issued
on
April
13,
the
EDPB
instructed
the
IE
DPA
to
impose
a
fine
on
Meta
IE.
The
EDPB
also
told
the
IE
DPA
to
order
Meta
IE
to
ensure
its
processes
are
compliant
with
Chapter
V
GDPR
regulations,
meaning
the
company
must
cease
its
unlawful
processing
and
storage
of
personal
data
of
European
users
transferred
to
the
US
in
violation
of
the
GDPR.
Ireland’s
Data
Protection
Commission
(DPC)
has
previously
fined
Meta
IE
for
GDPR
violations.
On
November
25,
2022,
the
DPC
announced
that
it
would
be
imposing
a
€265mn
(US$275mn)
fine
and
“a
range
of
corrective
measures”
on
Meta
IE
after
an
investigation
into
suspected
data
scraping
on
the
site
following
a
data
leak
that
saw
the
personal
data
of
553
million
Facebook
users
published
to
the
internet.
As
a
result
of
the
leak,
the
Facebook
IDs,
names,
dates
of
birth,
locations,
bios
and
in
some
cases
email
addresses
of
the
affected
accounts
were
made
publicly
available
via
a
post
on
the
dark
web.
About Author
