Over the past ten years, Meta has played with fire by ignoring the Court of Justice of the European Union (CJEU) and the European Data Protection Committee (EDPB). Now, an exemplary penalty will force the parent company of Facebook to stop any transfer of personal data of European citizens to the United States and to return this data to European territory. The fine, imposed by the Irish data protection authority (CPD) at the behest of the European Committee, is already a record: 1.2 billion euros, which exceeds the 746 million with which Amazon was sanctioned for the same reason. In addition, authorities have given it five months to stop transferring user data to the US. Meta will appeal against the decision.
In July 2020, the Court of Justice of the European Union (CJEU) found that the transfer of data to US providers violates the European Union’s General Data Protection Regulation (GDPR) and voided an agreement of transfers between the EU and the United States called Privacy Shield. This treaty replaced another agreement called Safe Harbor, which had already been canceled in 2015.
Since the European court ruled in July 2020, Facebook and other tech giants, such as Microsoft, Amazon and Google, have sought support in so-called “type contractual clauses (CCS)” to continue data transfers and maintain the databases of its European customers. These are clauses approved by the European Commission that must be included in international data transfer contracts between any of the 27 EU countries (in addition to Liechtenstein, Norway and Iceland) to another country, such as the United States.
Meta is pending a new data transfer agreement between the EU and the US which is well advanced and likely to enter into force after the summer. In any case, there is no guarantee that, as happened with Privacy Shield and Safe Harbor, it will end up being invalidated by the courts. These European court rulings have retroactive effect.
In all the litigation, started by the Austrian activist Max Schrems, the data protection authority of Ireland (CPD), where Meta has its European headquarters, has put numerous obstacles in order for the American technology to be sanctioned.
The Irish regulatory body tried to prevent the complaint of Max Schrems to the American company, after considering that he made use of the standard clauses. According to Meta, the regulator considered that he had “acted in good faith and that a fine was not justified”, but “was disallowed at the last minute by the European Data Protection Committee”.
“We are appealing against these decisions and will immediately ask the courts to suspend the application deadlines, given the harm that these orders would cause, even to the millions of people who use Facebook every day,” said Nick Clegg yesterday, the president of Meta, in a press release.
The company alleged that it “uses the same legal mechanisms as other organizations” and that the legal conflict between the EU and the United States is something that neither Meta nor any other company could resolve on its own. “Therefore, we are disappointed to have been singled out for using the same legal mechanism as thousands of other companies that seek to provide services in Europe”, he lamented.
Clegg stated that “at a time when the internet is fracturing under the pressure of authoritarian regimes, like-minded democracies must work together to promote and defend the idea of ​​an open internet”. Unlike the threat a year ago, when Mark Zuckerberg hinted that he might leave Europe if his use of data was restricted, Meta does not plan to disrupt Facebook’s activity in the EU, “because the decision includes periods of application that extend until the end of this year”.
“We intend – assures the president of the company – to appeal both the substance of the decision and its orders, including the fine, and we will seek a suspension through the courts to interrupt the application deadlines .