Meta, the owner of WhatsApp, Instagram and Facebook, has been handed a record €1.2 billion fine for violating European privacy rules by Ireland’s data regulator.

Meta has been fined for transferring EU users' data to the United States for processing, despite a 2020 European ruling saying the data was insufficiently protected from US spying agencies.

The decision takes total penalties against the company to more than €2 billion with Meta ordered it to stop moving EU personal data to the United States. The latest fine is the sixth EU general data protection regulation (GDPR) penalty against Meta and its subsidiaries in Ireland, the first five of cost the group just over €1 billion.

The ruling is in a landmark decision by Helen Dixon, the Irish Data Protection Commissioner (DPC), and follow a lengthy investigation that began in August 2020.

Significantly, the Irish Commissioner had not intended to impose a financial penalty but it was reported she was“instructed” to impose a fine after a dispute resolution process at the European Data Protection Board.

As a result, Meta has been directed to suspend any future Facebook data transfers within five months and told to cease within six months the “unlawful processing, including storage, in the US” of European data transferred in violation of EU law. It means the data of EU residents in the United States will have to be deleted or moved back to Europe.

Mark Dutton, director W Denis, said: “The fine has potential ramifications for both Cyber (civil fine) exposures as well as Directors & Officers who may also find they face subsequent claims, especially from disgruntled shareholders, if the Meta share price drops in consequence of this.”

The decision is based on the Schrems II ruling of the EU Court of Justice, which found that the US legal regime does not provide adequate data protection by EU standards due to the disproportionate and unchallengeable access of intelligence services.

Meta said there would be no immediate disruption to Facebook in Europe with Nick Clegg, Meta’s head of global affairs, stating the company was “disappointed to have been singled out” for using what he described as the “same legal mechanism” as thousands of other groups providing services in Europe.

He said: “This decision is flawed, unjustified and sets a dangerous precedent for the countless other companies transferring data between the EU and US.”

W Denis Europe arranges comprehensive insurance for EEA based businesses, large and small, including, Data Protection Infringement Cover, Cyber, Errors & Omissions, Directors & Officers Liability and much more. If you wish to discuss your insurance requirements, please visit www.wdenis.eu or contact Vida Jarašiūnaitė vida.jarasiunaite@wdenis.eu or Mark Dutton mark.dutton@wdenis.com