• alyaza [they/she]OPM
    link
    fedilink
    411 months ago

    Ireland’s Data Protection Commission, which oversees the General Data Protection Regulation, on Monday handed down the fine for Meta, saying that Facebook had violated its rules requiring platforms to ensure data transfers from Europe to the US have appropriate safeguards in place.

    Instead, the DPC found that the platform’s EU-US data flows had relied on contractual clauses that “did not address the risks to the fundamental rights and freedoms” of users, despite an earlier judgment from the EU’s Court of Justice mandating that it better protect individuals’ information from invasive US surveillance programmes. The record EU fine over privacy violations comes after the Luxembourg regulator levied a €746mn sanction on Amazon in 2021.

    According to the DPC, Facebook’s EU operation also has five months to “suspend any future transfer of personal data to the US” and six months to cease the processing — including storage — of any European citizens’ personal information in the US that was previously transferred in violation of GDPR.