Facebook to be fined £648m for mishandling user information

theguardian.com:

Facebook is to be fined more than €746m (£648m) and ordered to suspend data transfers to the US as an Irish regulator prepares to punish the social media network for its handling of user information.

The fine, first reported by Bloomberg and expected to be confirmed as soon as Monday, will set a record for a breach of the EU’s general data protection regulation, beating the €746m levied on Amazon by Luxembourg in 2021.

The decision by Ireland’s Data Protection Commission, which is the lead privacy regulator for Facebook and its owner Meta across the EU, is also expected to pause transfers of data from Facebook’s European users to the US.

The ruling is unlikely to take effect immediately. Meta is expected to be given a grace period to comply with the decision, which could push any suspension into the autumn, and the company is expected to appeal against the decision.

The ruling relates to a legal challenge brought by an Austrian privacy campaigner, Max Schrems, over concerns resulting from the Edward Snowden revelations that European users’ data is not sufficiently protected from US intelligence agencies when it is transferred across the Atlantic.

Writing in 2020, Meta’s policy chief, Nick Clegg, said suspending data transfers on the basis of standard contractual clauses – a mechanism used by Facebook and others – could have “a far-reaching effect on businesses that rely on SCCs and on the online services many people and businesses rely on”.

In Meta’s most recent quarterly results, the company said that without SCCs or “other alternative means of data transfers” it would “likely be unable to offer a number of our most significant products and services, including Facebook and Instagram, in Europe”.

Johnny Ryan, a senior fellow at