The European Union's data privacy watchdog, the Irish Data Protection Commission, imposed a record fine of 1.2 billion euros ($1.29 billion) on Facebook owner Meta on Monday for illegally transferring EU user data to the United States.
Meta was also ordered to "suspend any transfer of personal data to the US" for five months and to stop "illegally processing (including storing) EU personal data in the US" for six months after transfer. In January, the DPC fined Meta 390 million euros over Facebook pushing ads on users in the EU. It had said at the time that 11 more investigations were active against Meta.
Earlier, the EU had slapped heavy fines on US internet giants over privacy issues. Luxembourg, for example, fined Amazon 746 million euros in 2021.
It is thought-provoking that the EU's data privacy regulator has come down hard against Meta in less than five months. This year marks the fifth anniversary of a new version of the EU's General Data Protection Regulation, which is considered the toughest data privacy legislation in existence. Perhaps, the heavy penalty on Meta is meant to show the power of the GDPR. However, even more bizarre is that a Transatlantic Data Privacy Framework came into force last October between the EU and the US to address EU concerns about data transfers to the US. The DPC asking Meta to suspend data transfers to the US is equivalent to scrapping the Framework.
The European Court of Justice has already abolished two data transfer agreements between the EU and the US. On the surface, the EU is more focused on protecting users' privacy, while the US is more focused on protecting the ability of data collectors to turn data into productivity. However, the bigger divide lies in the EU seeing the US internet giants as a threat to its security. The EJC has warned that EU users cannot be guaranteed protection from "snooping" by US security services when their data is shipped to servers on the other side of the Atlantic.
Not surprisingly, led by France and Germany, the EU launched its own cloud platform with clear digital sovereignty in 2021, to store, process and exchange data services for European enterprises. The EU's fine against Meta is not only for violating the EU GDPR, but also a counterattack against the US on data privacy.