Facebook Fined More Than $1 Billion

Facebook's parent company Meta has been fined more than a billion dollars for failing to protect user data. The case involves the way Facebook transfers customer data between Europe and the United States.

Under the European Union's privacy rules, businesses are restricted in the way they transfer personal data to non-EU countries. In principle this can only happen when the non-EU country has laws that offer a similar level of privacy data protection.

Some counties have a "data adequacy" agreement with the EU, meaning the country's privacy rules are officially classed as strong enough. In these cases businesses can transfer the data to such countries without any legal question.

The EU and US has twice reached such an agreement only for it to be overturned by courts. They've rule that the US does not offer enough protection for personal privacy. One of those rulings followed the revelations by Edward Snowden that the US government had secretly accessed data through Facebook. (Source: bbc.co.uk)

Contracts Not Tough Enough

For countries without a data adequacy agreement, businesses can only transfer the data using contracts that mean the recipient (in this case Facebook's US operation) must legally guarantee to handle the data in line with European rules.

Data regulators in Ireland have now decided that Facebook's contract guarantees are not strong enough. Facebook must pay a fine of $1.2 billion USD and stop transferring data to the US within six months. It must also delete any data about European customers stored on US servers within six months.

Facebook To Appeal

Facebook plans to challenge both the ruling and the size of the fine. In the meantime it's hoping ongoing talks for a third data adequacy agreement between the US and Europe lead to a deal before the deadline to stop transferring data.

It's also suggested if that doesn't happen, it might pull out of the European market altogether. That threat isn't taken seriously by many, but the case has prompted debate about whether differing regulations in different countries make it too hard to build major Internet services aimed at a global audience. (Source: theguardian.com)

What's Your Opinion?

Do you think the US offers adequate data privacy protection? Is the amount of the fine reasonable given Facebook's size? How should national laws affect global Internet sites?