A wake-up call for privacy compliance
May 26 2023
privacy compliance

The Irish Data Protection Commission (DPC) has fined Meta Platforms Ireland Limited (Meta IE), the company behind Facebook, a significant amount of 1.2 billion euros for unlawfully processing users’ personal data. The DPC found that Meta IE violated European General Data Protection Regulation (GDPR) standards by consistently transferring personal data to the United States using standard contractual clauses. This penalty serves as a strong warning to other organizations about the consequences of breaching GDPR regulations.

The president of the European Data Protection Board (EDPB), Andrea Jelinek, emphasized the seriousness of Meta IE’s infringement, given the large volumes of personal data involved. The DPC’s decision includes instructions from the European Data Protection Supervisor (CEPD), stating that the penalty should range between 20% and 100% of the maximum legal limit. Meta IE has been ordered to halt the unlawful processing of European users’ personal data, including storage in the U.S., within six months to achieve GDPR compliance.

This case highlights the significance of adhering to privacy regulations, regardless of an organization’s size. The outcome will have implications for data protection enforcement and emphasizes the importance of respecting users’ personal data in today’s digital landscape.