Irish data protection commissioner condemns the American for illegally transferring European user data to the United States.
By Ingrid Vergara
Published 2023-05-22 at 11:22 AM, updated on 2023-05-22 at 2:01 PM
The Irish Data Protection Authority (DPA) has just issued a record fine against Meta. The American company has been fined €1.2 billion for continuing to send data from European Facebook users to servers in the United States after an agreement between the two geographic areas known as the “Privacy Shield” was invalidated became. Never before has a company been sentenced to such a fine since the European regulation on the protection of personal data (GDPR) came into force five years ago. The DPA also requires Meta to “suspend all transfers of personal data to the United States within five months” of the announcement of its decision and to comply with the GDPR within six months. Meta denounces an “unjustified and unnecessary” fine and will appeal to the judiciary.
Earlier in this case, an Austrian lawyer, Max Schrems, a Facebook user, had filed a complaint against the company, believing that his data collected by Facebook Ireland, after being transmitted to Facebook Inc. in the United States, was at the mercy of local Authorities are at the mercy of applicable laws, such as the surveillance of electronic communications, or the Cloud Act, which grants the American National Security Agency (NSA) extensive powers. In 2013, whistleblower Edward Snowden revealed the extent of the agency’s surveillance program, which can access users’ personal information through companies like Facebook and Google.
In 2015, the European judiciary had invalidated a first agreement on data transfers between Europe and the United States (“Safe Harbor”), which had forced the European Commission and the United States to propose a new mechanism, the “Privacy Shield”. . , also challenged by the Court of Justice of the European Union in 2020.
In March 2022, the European Union and the United States announced that they had reached a new data transfer agreement, but the legal framework had not yet been adopted. “If the new agreement goes into effect before the deadline set by the DPA, our services can continue as before,” Meta said. But what happens to all European users of Facebook services if this is not the case? The insecurity is total. “There is a conflict of fundamental rights between the US government’s rules on data access and European data protection rights,” the US company added. The European Commission hopes to secure a data transfer deal with the United States by the summer, a spokesman said on Monday.
This was a “heavy blow for Meta”, NOYB, the association for the protection of Max Schrems’ privacy, reacted in a press release. Meta’s breaches of the GDPR “are very serious, since they are systematic, repetitive and continuous transfers,” responded Andrea Jelinek, President of the EDPB (the session of the CNIL of the EU), in a press release that forced the DPC to one to impose well in this case. This is “a strong signal to organizations that serious violations have serious consequences,” she added.