European data protection board slams 1.2 billion euros fine against Meta

Meta was fined €1.2 billion by the European Data Protection Board (EDPB) for violating the General Data Protection Regulation (GDPR). This was the heaviest fine ever imposed under the European GDPR.

Meta is accused of violating the standards outlined in the pan-EU rule controlling transfers of personal data to third nations without providing necessary safeguards for people’s data. In addition, the corporation was ordered to halt transferring European Union user data to the United States for processing in accordance with the GDPR.

Serious infringement

Announcing the sanction, EDPB’s Chairman, Andrea Jelinek, said:

• “The EDPB found that Meta IE’s infringement is very serious since it concerns transfers that are systematic, repetitive, and continuous. Facebook has millions of users in Europe, so the volume of personal data transferred is massive. The unprecedented fine is a strong signal to organisations that serious infringements have far-reaching consequences.”

In its binding decision earlier on 13 April 2023, the EDPB instructed the IE DPA to amend its draft decision and to impose a fine on Meta.

• “Given the seriousness of the infringement, the EDPB found that the starting point for calculation of the fine should be between 20% and 100% of the applicable legal maximum. The EDPB also instructed the IE DPA to order Meta IE to bring processing operations into compliance with Chapter V GDPR, by ceasing the unlawful processing, including storage, in the U.S. of personal data of European users transferred in violation of the GDPR, within 6 months after notification of the IE SA’s final decision,” Jalinek added.

Last April, Meta had warned investors that around 10% of its global ad revenue would be at risk if the EU data flows suspension were to be implemented. That fear has now come to reality with Monday’s pronouncement by the EDPB.

What you should know

The General Data Protection Regulation (GDPR) is a Regulation in EU law on data protection and privacy in the EU and the European Economic Area (EEA). The GDPR is an important component of EU privacy law and human rights law, in particular Article 8(1) of the Charter of Fundamental Rights of the European Union.

It also addresses the transfer of personal data outside the EU and EEA areas. The GDPR’s primary aim is to enhance individuals’ control and rights over their personal data and to simplify the regulatory environment for international business.

Nigeria 2019 also came up with the National Data Protection Regulation (NDPR), which is fashioned after the GDPR with the aim of protecting Nigerians’ data. However, not much has been achieved with the implementation of the regulation, thus there has been a clamor for a substantive data protection law.