As part of the fifth anniversary of the General Data Protection Regulation (GDPR), which has been in force since May 25, 2018, the Meta Group has received a record fine. The Irish Data Protection Commission (DPC) announced on May 22 that the Facebook and Instagram parent company should pay 1.2 billion euros for breaching the GDPR.

It found that Facebook had not taken sufficient precautions to protect “the risks to the fundamental rights and freedoms” of EU citizens. In addition to the fine, Facebook was given a period of five months to stop future data transfers to the United States. A period of six months is required to stop “illegal processing, including storage, of personal data” from EU users.

Meta, in turn, has announced that it will appeal. According to a statement from Mark Zuckerberg’s (39) group, the orders could allegedly also harm “the millions of people who use Facebook every day”. Meta is “disappointed” to have been singled out, even if it uses the same mechanisms as “thousands of other companies that want to offer services in Europe.”

The fine of 1.2 billion euros imposed is the highest to date for a violation of the GDPR. In 2021, the Luxembourg authority CNPD imposed a 746 million euro fine on Amazon.

The dispute is based on the revelations of whistleblower Edward Snowden (39), who publicized mass surveillance by US secret services around ten years ago. The Austrian data protection activist Max Schrems had complained to the European Court of Justice (ECJ), which, among other things, led to the termination of the transatlantic data protection agreement “Privacy Shield” in 2020.