The Irish Data Protection Commission (DPC) has fined Facebook parent firm Meta €1.2 billion for violations involving the transfer of personal data from the EU to the US.
It surpasses the previous record fine of €746 million, which was levied on Amazon in 2021, to become the highest EU privacy fine ever.
As part of the decision, Meta has been given five months to comply with the order to halt data transfers from the EU to the US.
The firm has been given six months to stop processing personal data of European users that was transferred illegally, including storage in the US, in violation of the General Data Protection Regulation (GDPR).
The ruling just affects Facebook; it has no bearing on Meta’s other services, such Instagram and WhatsApp.
The decision comes after the DPC investigated into the legal procedures Meta utilised to move Facebook user data from the EU to the US.
The tools are known as “standard contractual clauses” and the DPC found that the arrangements did not address the risks to the fundamental rights and freedoms of data subjects.
Meta said it will appeal the decision.
“We will appeal the ruling, including the unjustified and unnecessary fine, and seek a stay of the orders through the courts,” the company said in a statement.”
Meta said it was disappointed to have been singled out when using the same legal mechanisms as thousands of other companies providing services in Europe.
“This decision is flawed, unjustified and sets a dangerous precedent for the countless other companies transferring data between the EU and US,” Meta said.