Facebook has been hit with a heavy fine for allegedly violating Irish Data Protection Commission’s (DPC) rule by transferring data belonging to the European country to the US without following the data protection safeguards.
About $1.3 Billion are to be paid by Facebook as a result of this fine as a result of their failure to “address the risks and freedoms” of European Facebook users. Also in addition to this, Facebook has been given five months to stop the transfer of Facebook data to the US via so-called Standard Contractual Clauses (SCCs).
SCCs, since the Court of Justice of the European Union (CJEU) ruled in 2020 on the Privacy Shield agreement which was meant to aid in the use of transferring data by companies from the EU to the US, though the EU did not sufficiently protect data from US spy agencies. The ruling in 2020, struck down the agreement and tightened agreement and tightened requirements around the use of SCCs, a separate legal tool that was also being widely used by companies to transfer data to the US.
Ireland’s DPC noted that in its suit to strike down Privacy Shield and tighten rules around SCCs, THE CJEU said that “Data controllers or based on SCC that intend to transfer data based on SCCs must ensure that the data subject is granted a level of protection essentially equivalent to that guaranteed by the General Data Protection Regulation (GDPR) and the EU Chapter of Fundamental Rights (CFR)
However, the DPC said that Meta’s SCCs do not protect EU citizens’ data from the US government’s mass surveillance programs, potentially calling into question the ability of any company to transfer EU citizens’ data to the US
Among other issues, “There were no avenues for either EU or US data subjects to be informed of whether their personal data was being collected or further processed and no opportunities to obtain access, rectification, or erasure of data, “the DPC said.
The “fundamental conflict of law” that exists between the US government’s rules on access to data and the privacy rights of Europeans is not one that Meta or any other business could resolve on its own, Nick Clegg, former leader of the UK’s Liberal Democrats political party and current Meta president of global affairs, and Jennifer Newstead, chief legal officer”
As it stands, Meta’s only commercially viable option appears is to appeal to the courts in an attempt to further delay the implementation of the decision, in the meantime, it will be hoping that the EU and US agree on a mechanism