Meta has been hit with a record €1.2 billion ($1.3 billion) fine by European privacy regulators for the transfer of user data from the European Union to the US.
The decision relates to a case brought by Australian privacy advocate Max Schrems, who alleged that the framework for transferring data from EU citizens to the US did not protect Europeans from US surveillance.
Various mechanisms for legally transferring personal data between the US and the EU have been questioned. The last such iteration, Privacy Shield, was struck down by the Court of Justice of the European Union, the EU’s supreme court, in 2020.
Last year, the US and the EU agreed “in principle” on a new framework for cross-border data transfers. However, the new pact has not yet entered into force.
The Irish Data Protection Commission that Meta’s overseas operations in the EU alleged that the company breached the bloc’s General Data Protection Regulation (GDPR) when it continued to send personal data of European citizens to the US.
GDPR is the EU’s historical data protection regulation that governs companies active in the block. It entered into force in 2018.
The penalty of 1,200 million euros for Meta is the highest sum that a company has received for infringing the GDPR. The previous largest fine was a €746 million charge for e-commerce giant Amazon for violating the GDPR in 2021.