The head of the European Union’s data privacy regulator on Wednesday defended its decision to fine Meta a record €1.2 billion ($1.3 billion), saying the company will have to enforce the law based on existing regulations. said there was
Irish Data Protection Commissioner Helen Dixon, the lead regulator for Meta and several other big US tech companies, said regulators should consider the existing EU-US data transfer framework when making decisions. said it went down.
“We have to enforce the law as it was at the time,” Dixon said Wednesday in an interview with CNBC’s Worldwide Exchange.
Meta was fined a record €1.2 billion ($1.3 billion) by the Irish Data Protection Commission on Monday for violating the EU’s toughest rules on data privacy, known as the General Data Protection Regulation.
GDPR is a landmark data protection regulation governing businesses in the region. This law came into force in May 2018. Since then, EU privacy regulators have issued several eye-popping fines to big US tech companies, including a $887 million fine against Luxembourg’s Amazon and a $267 million fine against Ireland’s WhatsApp. imposes fines. Monday’s meta fines will be the highest ever.
Several mechanisms for the lawful transfer of personal data between the US and EU have been contested. The latest such iteration, the Privacy Shield, was revoked by the European Court of Justice, the Supreme Court of the EU, in 2020.
The Irish Data Protection Commission, which oversees meta businesses within the EU, said the company violated the EU’s GDPR by continuing to send personal data of European citizens to the United States despite a 2020 European Court ruling. claimed to be.
Irish regulators have also announced that Meta will not be allowed to continue sharing data on Europeans with the United States, a decision that could have devastating consequences for its business, and Meta will It may be forced to move all storage and processing of European data within the EU.
EU and U.S. officials are working to reach an agreement on a replacement framework for the Privacy Shield, with reports suggesting that a replacement framework could be approved by the summer. Mehta said this allowed the company to continue sharing data about EU citizens with its facilities in the US as usual.
Asked why regulators chose to make a decision now, even though more regulations are about to be introduced, Dixon said, “The important thing is that the regulations are not yet in force. That’s what it means,” he said.
She added, “This new agreement, called the European Data Privacy Framework, is still pending, and when I finished my research last summer, it wasn’t really on the horizon. So the law had to be enforced as is,” he added. at the time. “
Prior to Monday, Meta was just recently fined $414 million for separate GDPR violations on its WhatsApp and Instagram apps in January. Monday’s meta fine is the highest ever since the EU’s GDPR took effect. Meta said it plans to appeal the decision and the fine.
– CNBC’s Arjun Kharpal contributed to this report