{"id":92029,"date":"2023-05-22T08:59:00","date_gmt":"2023-05-22T08:59:00","guid":{"rendered":"https:\/\/cloudnewshub.com\/?p=92029"},"modified":"2023-05-22T08:59:00","modified_gmt":"2023-05-22T08:59:00","slug":"facebook-owner-meta-fined-record-e1-2-billion-over-eu-us-data-transfers","status":"publish","type":"post","link":"https:\/\/cloudnewshub.com\/?p=92029","title":{"rendered":"Facebook owner Meta fined record \u20ac1.2 billion over EU-US data transfers"},"content":{"rendered":"
<\/div>\n

Meta, the company which owns Facebook, has been fined \u20ac1.2 billion and has been ordered to suspend transfers of data from Facebook users in the Europe to the US.<\/p>\n

The fine, issued by the Irish Data Protection Commissioner, is the largest imposed by the European Union for breaching data protection regulations. <\/p>\n

The decision<\/a> is expected to have wider ramifications for companies that share data between Europe and the US which now face regulatory uncertainty.<\/p>\n

The Data Protection Commission (DPC) found that Meta Ireland continued to breach the General Data Protection Regulation by failing to comply with a ruling by the European Court of Justice in  2020<\/a> that required additional privacy protections for data transferred from Europe to the US. <\/p>\n

The DPC found that Meta Ireland\u2019s use of Standard Contractual Clauses (SCCs) \u2013 a EU approved legal mechanism for transferring data to the US – together with supplementary measures, did not address \u201cthe risks to the fundamental rights and freedoms of data subjects that were identified by the CJEU in its judgment.\u201d<\/p>\n

Under the decision, Meta Ireland is required to suspend any future transfers of data to the US within five months.<\/p>\n

It has been given six months to bring its processing operations into compliance with the General Data Protection Regulation (GDPR), by ceasing unlawful processing and storage of EU personal data in the US transferred in violation of GDPR.<\/p>\n

\n

<\/i>Meta claims \u2018dangerous precedent\u2019<\/h3>\n

Meta said that it will appeal the ruling, including the \u201cunjustified and unnecessary fine\u201d, and will seek a stay of the orders through the courts.<\/p>\n

Writing in a blog post<\/a>, President, Global Affairs at Meta, Nick Clegg, and Chief Legal Officer Jennifer Newstead, said that the decision would create a dangerous precedent for other companies transferring data between the EU and the US.<\/p>\n

\u201cThis decision is flawed, unjustified and sets a dangerous precedent for the countless other companies transferring data between the EU and US,\u201d they said.<\/p>\n

The DPC found that Meta was in breach of a ruling by the European Court of Justice in 2020<\/a>, which struck down the US-EU data sharing agreement between the US and Europe, Privacy Shield. <\/p>\n

The 2020 decision introduced tougher requirements for companies using Standard Contractual Clauses as a legal basis to transfer data to the US.<\/p>\n

The court  found that people  must be given \u201cessentially equivalent protection\u201d for their data when it is transferred to the US and other countries, as they would receive in the EU under GDPR and the European Charter of Fundamental Rights<\/a>, which guarantees people the right for private communications and the protection of their private data.<\/p>\n<\/section>\n

\n

<\/i>Standard Contractual Clauses<\/h3>\n

The case will have a knock-on impact for companies that rely on EU Standard Contractual Clauses as a legal mechanism to transfer data from the EU to the US.<\/p>\n

It is also likely to put pressure on the EU and the US to finalise a new deal on data protection adequacy<\/a>, known as the Trans-Atlantic Data Privacy Framework.<\/p>\n

\u201cThe DPC\u2019s ruling that the standard contractual clauses are not a valid mechanism to transfer personal data to the US will have a significant impact on the ability of organisations of all shapes and sizes to lawfully share and receive data from Europe,\u201d said lawyer Edward Machin, at law firm Ropes & Gray\u2019s.<\/p>\n

\u201cIt will also kick off a race against time for lawmakers to finalise the EU-US data transfer framework before the end of the six-month transition period that the DPC has given Meta to bring its transfers into compliance,\u201d he added.<\/p>\n<\/section>\n

\n

<\/i>Ten year legal battle<\/h3>\n

The decision is the latest in a ten year legal battle between Austrian lawyer Max Schrems and Meta.<\/p>\n

 At its root is the discrepancy between EU Privacy laws and US surveillance laws, including the Foreign Intelligence Surveillance Act (FISA), which give US intelligence agencies sweeping powers to harvest the personal data and communications of non-US citizens.<\/p>\n

 Schrems said in a statement that US surveillance laws, including FISA 702, which permits targeting of non-US citizens outside the US, is also a problem for all other large US cloud providers, such as Microsoft, Google or Amazon.<\/p>\n

\u201cUnless US surveillance laws get fixed, Meta will have to fundamentally restructure its systems,\u201d he said.<\/p>\n

\u201cThere is an understanding on both sides of the Atlantic that we need probable cause and judicial approval of surveillance. It is time to grant these basic protections to EU customers of US cloud providers,\u201d he added.<\/p>\n<\/section>\n

\n

<\/i> Future of EU-US data protection<\/h3>\n

The Trans-Atlantic Data Privacy Framework is expected to come into force in the Summer, but is widely expected to face further legal challenges.<\/p>\n

 A legal challenge could result in the new framework being over-turned by the European Court, which has previously annulled its predecessor Privacy Shield in 2020<\/a> and Safe Harbor in 2015.<\/p>\n

Eddie Powell, data protection partner at London law firm Fladgate said that the size of Meta\u2019s fine reflected the fact that Meta\u2019s systems were structured so that the data collected on its social media platforms had to be sent to the USA \u201cwithout any kind of firebreak\u201d.<\/p>\n

But he said it that the fine, equivalent to about 1% of Meta\u2019s worldwide turnover, could have been significantly higher, up to a maximum of 4% of Meta\u2019s worldwide turnover. <\/p>\n<\/section>\n

\n

<\/i>Meta: \u2018serious questions\u2019 <\/h3>\n

Clegg and Newstead said in their blogpost that the DPC \u201cinitially acknowledged that Meta had continued its EU-US data transfers in good faith, and that a fine would be unnecessary and disproportionate\u201d but have been over-ruled by the European Data Protection Board,<\/p>\n

They argued that the EDPB, the independent European data protection regulator, had chosen to disregard the progress that policy makers were making to resolve the \u201cfundamental conflict\u201d between US government access to European data and the privacy rights of Europeans.<\/p>\n

The decision \u201craises serious questions about a regulatory process that enables the EDPB to overrule a lead regulator in this way, disregarding the findings of its multi-year inquiry without giving the company in question a right to be heard,\u201d they said.<\/p>\n<\/section>\n","protected":false},"excerpt":{"rendered":"

Meta, the company which owns Facebook, has been fined \u20ac1.2 billion and has been ordered to suspend transfers of data from Facebook users in the Europe to the US. The fine, issued by the Irish Data Protection Commissioner, is the largest imposed by the European Union for breaching data protection regulations.  The decision is expected […]<\/p>\n","protected":false},"author":1,"featured_media":92030,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[533],"tags":[],"class_list":["post-92029","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-it"],"_links":{"self":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/92029","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=92029"}],"version-history":[{"count":0,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/92029\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/media\/92030"}],"wp:attachment":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=92029"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=92029"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=92029"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}