Facebook has been hit with a record €1.2 billion fine by its lead European Union privacy regulator, the Irish Data Protection Commissioner (DPC), for its handling of user information. The fine, which tops the previous record EU privacy fine of €746 million handed to Amazon.com Inc in 2021, comes after Facebook continued to transfer data beyond a 2020 EU court ruling that invalidated an EU-U.S. data transfer pact.
The battle over where Facebook stores its data began a decade ago after Austrian privacy campaigner Max Schrems brought a legal challenge over the risk of U.S. snooping in light of disclosures by former U.S. National Security Agency contractor Edward Snowden. Facebook has said it will appeal the ruling, including the “unjustified and unnecessary fine” and has been given five months to stop transferring users’ data to the United States.
The Irish watchdog has said the suspension order could create a precedent for other firms and has now fined Facebook a total of €2.5 billion for breaches under the bloc’s General Data Protection Regulation’s (GDPR). Schrems has said that the new data protection framework agreed by Brussels and Washington in March 2022 may be ready by July, but warned that unless U.S. surveillance laws are fixed, Facebook will likely have to keep EU data in the EU.