Facebook hit with record fine for EU data breach

Briefly: Tech giant Meta has been hit with a record €1.2B ($1.3B) fine by Irish regulators and ordered to suspend all EU user data transfers to the US. The penalty is the biggest fine in EU data protection history.

Regulatoooors (sorry, big Warren G fans here) accuse Facebook of unlawfully transferring data from European users to the US, where the company’s vast ad-targeting operation is headquartered.

This week’s ruling was in response to a 2013 lawsuit filed after Edward Snowden leaked ~1.7 million classified US files. The litigant (a privacy activist) argued the US offered no protection against surveillance of EU data.

Since then, Brussels has been wary of sending yottabytes (yep) of Europeans’ data across the Atlantic. And attempts to hash out a deal keep getting quashed:

• An EU court struck down one US-EU deal in 2020 for being too lax
• EU officials are still scrutinising another deal reached last year, and
• This week’s decision says Meta can’t rely on standard contractual clauses either…

Intrigue’s take: If you share Intrigue on Facebook (please do), and someone across the Atlantic ‘likes’ it (please do), where does that data get stored? And how? Traditionally, US firms have often just stored it in the US under US law.

But this week’s EU ruling potentially changes all that.

And while engineers figure out the specifics (new data centres? end-to-end encryption?), boardrooms will be coming to a stark realisation: they can no longer assume the whole world is their market.

Also worth noting:

• Meta’s head of global affairs is Nick Clegg, the UK’s former deputy prime minister. He’s said the company is appealing this week’s decision.
• Meta has previously suggested it might pull out of the EU if regulators ban data transfers to the US. Others assess this is unlikely, as Meta generates a quarter of its $114B revenue in Europe.
• Meta says it has 21 data centres around the world: 17 in the US, plus one each in Denmark, Ireland, Sweden and Singapore.