Meta, the parent company of Facebook, has incurred a hefty penalty of €1.2 billion for violating the General Data Protection Regulation (GDPR) rules by transferring data of European users to servers located in the United States. This move goes against the GDPR rules that were implemented in May 2018.
The Imposed Penalty and Violation Details
The Irish Data Protection Commission has imposed a fine of €1.2 billion ($1.3 billion) on Meta for transferring user data to servers outside European soil. This action exploited the Standard Contractual Clause (SCC) that was in effect before July 16th, 2020.
Privacy Shield Agreement and Surveillance Concerns
Up until 2020, the European Union (EU) and North America operated under the Privacy Shield agreement, allowing the free flow of data between the two regions. However, following the revelations of the Cambridge Analytica scandal, concerns about surveillance grew among the public on both continents. As a result, the European Court of Justice enacted a new act that prohibited EU companies from transferring data to servers located in other countries.
Meta’s Failure to Comply and the Imposed Penalty
Due to Meta’s failure to comply with the aforementioned law, the data watchdog was compelled to impose a record-breaking penalty of $1.3 billion. However, Meta has been granted a grace period of six months, until October 12th, 2023, to transition away from the SCC and adhere to the new set of GDPR rules. Under these rules, data generated in one region must be stored and analyzed within the same region.
Meta’s Compliance Dilemma and Future Implications
The question remains: Will Meta, the parent company of the world’s largest social network, finally listen and abide by the rules? The answer is uncertain, as the inner workings of multinational data centers remain opaque. While many companies claim to prioritize user privacy and security, their actions often fall short when data breaches or rule violations occur.
The penalty imposed on Meta serves as a significant warning to other tech giants and emphasizes the importance of data privacy and compliance with GDPR regulations. The outcome of Meta’s compliance with the new rules will shape the future of data privacy and protection for users worldwide.
Dimitris is an Information Technology and Cybersecurity professional with more than 20 years of experience in designing, building and maintaining efficient and secure IT infrastructures.
Among others, he holds the CISSP, CISA, CISM, ITIL, COBIT and PRINCE2 certifications, but his wide set of knowledge and technical management capabilities goes beyond these certifications. He likes acquiring new skills in penetration testing, cloud technologies, virtualization, network security, IoT and many more.