Meta Fails Yet Again To Protect Users Data in Major New €1.3B GDPR Order

22 May 2023 — Today’s announcement by the Ireland Data Protection Commission (DPC) ordering Facebook to cease transatlantic data transfers from the E.U. and U.S. and imposition of a major fine reflects the company’s continuous failure to secure the data of its users and comply with regulators. Meta is one of a few large companies that rely on contractual clauses to allow unfettered access to users’ data. Fines may not force Meta to change its behavior, but they are a critical reminder that the company has been found, yet again, to have broken the law.

While today’s €1.3 billion ($1.405 billion) fine by Irish DPC is a victory; Meta’s likely appeal will further delay accountability for its failure to comply with GDPR standards.

We are equally as concerned about the intervention required by the European Data Protection Board to compel the Irish DPC to impose this order and fine. We applaud the action of the European Data Protection Board, and urge continued vigilance by regulatory bodies worldwide, including the Irish DPC, to hold Meta and Big Tech accountable.