The penalty comes under the European Union-wide GDPR (general data protection regulation) and concerns Meta Ireland’s transfer of Facebook service personal data from the EU/EEA to the United States. See also the finding on the website of the European Data Protection Board. Meta said that it would appeal the ruling, including what it termed the unjustified and unnecessary fine, and would seek a stay of the orders through the courts.
Richard Hollis, CEO of Risk Crew, called it a potentially game changing fine. “It clearly signals that serious infringements bear serious consequences and also demonstrates how legislation is defining borders on the internet by mandating that data is stored within the country where it is collected, rather than allowing it to move freely through data centres across the world.
“The fine also contradicts the popular view that data protection legislation is toothless, and fines are too small to effect any real change in the way businesses protect our data – but a change in Meta’s behavior will have a real and substantial impact on the way all businesses protect data. As a result, this could be a data protection milestone.”