A record €1.2 billion fine against Facebook owner Meta for violating privacy law was imposed in the face of claims by Ireland’s data regulator that no financial sanction was needed.
The penalty against one of the world’s largest companies was imposed on Monday after Data Protection Commissioner Helen Dixon’s European counterparts dismissed her argument that a fine would have no “meaningful dissuasive effect” on Meta.
It was the biggest fine since Ms Dixon assumed sweeping powers in 2018 to supervise the European operations of large tech companies such as Meta, which have their EU headquarters in Ireland.
[ Explainer: Why has Meta been hit with a record fine?Opens in new window ]
[ Analysis: Meta’s record fine would break smaller firms Opens in new window ]
The regime was billed as a game-changer in the drive to control how business exploits consumers’ personal information, although critics say enforcement should be sharper and swifter.
Meta, which plans a court appeal against the ruling, claimed it was flawed and unjustified. But European regulators accused the company of “the highest degree of negligence” with personal data, as they instructed Ms Dixon to impose a large fine.
She is lead European Union regulator for Meta with responsibility for pan-European investigations into any violations of the data of hundreds of millions of users. Still, her conclusions must be approved by EU counterparts in a Brussels-based body called the European Data Protection Board (EDPB).
Records show Ms Dixon met a backlash from Austrian, German, French and Spanish regulators for saying there should be no financial penalty at all.
[ Meta headline obscures a deeper conflictOpens in new window ]
The case centres on Facebook transfers of personal data to the United States, in defiance of EU law after a 2020 European court ruling struck down the arrangements. The data included “photographs, videos or messages” and “everyday data of social interactions with family, friends, acquaintances and others”.
The social media giant, one of the State’s biggest taxpayers, has been directed to suspend any future transfers within five months. It must also cease within six months “unlawful” processing and storage in the US of European data.
The latest sanction against Meta brings its total EU sanctions for privacy violations to some €2.5 billion. But Ms Dixon had argued that a fine on top of an order to suspend the data transfers would not be proportionate.
“I expressed the view, in the draft decision, that the imposition of an administrative fine would not render the [Data Protection Commission’s] response to the findings of unlawfulness any more effective,” she said in case papers.
“Nor did I consider that, in the particular circumstances of this case, or in relation to transfers generally, the imposition of an administrative fine on top of the suspension would have any meaningful dissuasive effect.”
[ Why has Meta been hit with a record fine by the Data Protection Commission?Opens in new window ]
Such assertions met resistance from four other regulators, who insisted on a fine when the case went to the European board. That body agreed, saying a suspension order alone would “not be enough to produce the specific deterrence effect necessary to discourage Meta” from continuing the infringements.
“The [EDPB] considers that, taking into account the nature and scope of the processing, as well as the very high number of data subjects affected, Meta [Ireland] committed an infringement of significant nature, gravity and duration,” it said.
“The EDPB takes the view that the imposition of an administrative fine in addition to the suspension order would have an important deterrence effect, which the imposition of a suspension order alone cannot have.”