The European Data Protection Board (EDPB) has issued a binding decision to Facebook’s parent company Meta, ordering it to pay a record €1.3 billion fine for transferring the personal data of E.U. users to the U.S. without complying with the GDPR. Meta has been given six months to bring its data transfers into compliance and delete unlawfully stored and processed data, as well as five months to suspend any future transfer of Facebook users’ data to the U.S. Instagram and WhatsApp, which are also owned by Meta, are not subject to the order.

This ruling stems from a legal complaint filed by Austrian privacy activist Maximilian Schrems almost a decade ago, due to the lack of equivalent privacy protections in the U.S. compared to the GDPR. Schrems has also accused the Irish Data Protection Commission (DPC) of attempting to block the case from going forward and shielding Meta from being fined.

Meta has said it intends to appeal the ruling, calling the fine “unjustified and unnecessary” and saying that there is a “fundamental conflict of law” between the U.S. government’s rules on access to data and European privacy rights. The company has also warned that if ordered to suspend transfers to the U.S., it may have to stop offering “a number of our most significant products and services” in the E.U.

This fine is the largest ever imposed under the E.U.’s GDPR privacy laws and marks the third monetary penalty issued by the DPC this year. A new trans-Atlantic data transfer deal is expected to be finalized as a replacement for the Privacy Shield later this year, and Meta plans to rely on the new deal for transfers going forward. However, Schrems has warned that unless U.S. surveillance laws get fixed, Meta will likely have to keep E.U. data in the E.U.
Source: Hackernews