Forced By EU To Pay Fines Of IDR 19.3 Trillion Due To Data Transfer Violations, Meta: Defect Decision!
JAKARTA - The European Data Protection Council (EDPB) firmly ordered Meta to pay a fine of US$1.2 billion (Rp19.3 trillion) for mishandling user personal information.
The fine was issued by the Irish Data Protection Commission (DPC), which regulates Meta's Facebook throughout the European Union. According to him, the company has violated the General Data Protection Regulation (GDPR) by transferring personal data to the United States (US).
Irish regulators stated that Meta does not address the risks to the basic rights and freedoms of EU users. This is the largest GDPR fine ever.
Previously, Irish regulators had fined Amazon 746 million euros (IDR 12.0 trillion) in 2021 for a similar privacy breach.
"The EDPB found that the [Ireland] Meta IE violation was very serious because it involved systematic, repetitive, and sustainable transfers," said EDPB Chair Andrea Jelinek in his announcement.
"Facebooks have millions of users in Europe, so the volume of transferred personal data is huge. An unprecedented fine is a strong signal for organizations that serious violations have far-reaching consequences", he added.
In addition to fines, Meta is also given five months to suspend private data transfers to the US in the future, and six months to end unlawful processing, including storage in the US from transferred personal data.
Meta Responds To The European Union's Trillion Fine
Responding to this new fine, Meta called it a flawed decision and would not remain silent by filing an appeal.
"This decision is flawed, unjustified, and is a dangerous precedent for many other companies that transfer data between the EU and the US," said Facebook Global Affairs President Nick Clegg in a blog post.
"We will appeal against the decision, including fines that cannot be justified and unnecessary, and request a postponement of the order through the court," he added.
Clegg also said there was a fundamental legal conflict between US government rules regarding access to European data and privacy rights. Meanwhile, EU and US officials have negotiated an agreement on data transfer.
"If the delayed EU-US Data Privacy Framework takes effect before the deadline for implementation ends, our service can continue as it is now without any interference or impact on users," Clegg said.
Facebook is not alone, Instagram and WhatsApp, which Meta also owns, are not subject to the order. Thus, Irish regulators also fined WhatsApp for violating strict regulations regarding data transparency shared with other subsidiaries.
Repeated Cases
The previous mechanism for legally transferring personal data between the US and the EU, known as the Privacy Shield Shield. However, it was canceled by the EU block's top court in 2020.
Soon, Irish regulators accused Meta of violating the GDPR law at the time, for continuing to transfer personal data to the US after 2020 even though the court's decision was out.
Then, this issue lasted for a decade after a lawsuit filed by Austrian privacy activist Max Schrems against Facebook in 2013.
This is based on concerns caused by the disclosure of former US National Security Agency contractor Edward Snowden, where EU user data is not adequately protected from US intelligence agencies when transferred across the Atlantic.
Europe's highest court, the European Justice Court (ECJ), has also repeatedly revealed the US has inadequate checks to protect European information.
And in 2020, the ECJ ruled that the EU-to-US data transfer agreement was invalid. This was quoted from BBC International and MacRumors, Tuesday, May 23.