Meta at its headquarters in Menlo Park, California, USA on November 14, 2022.
Tayfun Coskun | Anadolu Agency | Getty Images
One of the EU’s top data privacy regulators on Wednesday defended its decision to fine Meta a record 1.2 billion euros ($1.3 billion), saying she must enforce the law under existing regulations.
Irish Data Protection Commissioner Helen Dixon, who is the lead regulator for Meta and several other large US tech companies, said the regulator decided to consider the existing EU-US framework for data transfers.
“I have to enforce the law as it stands,” Dixon said in an interview on CNBC’s “Global Communications” Wednesday.
On Monday, Meta was fined a record 1.2 billion euros ($1.3 billion) by the Irish Data Protection Commission for breaching the European Union’s strict data privacy rules known as the General Data Protection Regulation.
GDPR is a landmark data protection regulation that governs companies in the European Union. It came into force in May 2018. Since then, EU privacy regulators have imposed some dizzying fines on major US tech companies, including $887 million in fines against Amazon in Luxembourg and $267 million in fines against WhatsApp in Ireland. Meta’s fine on Monday was its largest to date.
Several mechanisms for the legal transfer of personal data between the United States and the European Union have been controversial. The latest such iteration, Privacy Shield, was struck down by the European Union’s top court, the European Court of Justice, in 2020.
The Irish Data Protection Commission, which oversees the EU’s Meta business, accused the company of breaching the EU’s GDPR, and despite a 2020 European Court of Justice ruling, the company continued to send European citizens’ personal data to the US.
Irish regulators also announced that Meta would not be allowed to continue sharing data about Europeans with the US, a decision that could disrupt business and could force the company to move all its storage and processing of European data locally in the EU.
EU and U.S. officials have been trying to agree a framework to replace Privacy Shield, and reports suggest a replacement for the mechanism could be approved this summer. According to Meta, this will allow the company to continue sharing data of EU citizens with its US-based facilities as usual.
Asked why the regulator chose to make a decision now, Dixon said, “The point is, it’s not yet in effect.”
She added, “This new agreement, called the European Data Privacy Framework, is still up in the air. It wasn’t really there when I concluded my investigation last summer. So I have to enforce the law as it was then.”
Before Monday, Meta was recently fined $414 million for separate GDPR violations on its WhatsApp and Instagram apps in January. Monday’s Meta fine is the largest to date since the EU’s GDPR came into force. Meta said it planned to appeal the decision and the fine.
– CNBC’s Arjun Kharpal contributed to this report