Meta Platforms
Issued by Data Protection Commission (DPC) on 2023-05-22
What happened
The Irish DPC fined Meta €1.2 billion for transferring EU user data to the United States without adequate safeguards following the Schrems II ruling. Meta continued relying on Standard Contractual Clauses (SCCs) despite the CJEU finding that US surveillance laws did not provide adequate protection for EU citizens' data. This is the largest GDPR fine ever issued.
Articles violated
Lessons learned
Companies transferring personal data outside the EU must ensure the destination country provides adequate protection or implement supplementary measures beyond SCCs. The Schrems II ruling fundamentally changed transatlantic data transfers — relying solely on SCCs is insufficient when the recipient country's surveillance laws conflict with EU data protection standards.
Source
View original decisionDisclaimer: This summary is for informational purposes only and does not constitute legal advice. Refer to the original decision for complete details.
Get enforcement alerts for Technology
We track GDPR fines across Europe. Enter your email to get notified about new enforcement actions.