Meta, the parent company of Facebook, has been fined €1.2 billion ($1.3 billion) by the European Union (EU) for breaching the General Data Protection Regulation (GDPR). The fine comes as a result of Meta’s failure to adequately protect European users’ personal data from American security services’ surveillance activities.

Record-breaking GDPR fine for exporting European data to the US

The Irish Data Protection Commission, which made the decision, stated that Meta’s data transfers to the United States did not sufficiently address the risks to individuals’ fundamental rights and freedoms. The company used standard contractual clauses (SCCs) to transfer data to the US, but these measures were deemed inadequate following a ruling by the EU’s highest court.

In addition to the record-breaking fine, Meta has been given a five-month deadline to halt any future transfer of personal data to the US and a six-month deadline to stop the unlawful processing and storage of transferred personal data from the EU in the US.

This decision is part of an ongoing dispute that has created legal uncertainty for Facebook and other companies. The EU’s highest court invalidated an EU-US agreement governing data transfers in 2020 due to concerns about data protection in the US. Subsequently, the Irish authority ordered Facebook to cease transferring data to the US using alternative mechanisms like contractual clauses.

Efforts have been made to establish a new EU-US data flows agreement, and a replacement for the defunct “Privacy Shield” agreement was proposed in December 2022. The fine imposed on Meta coincides with the fifth anniversary of the GDPR, which is considered the global standard for privacy protection.

Meta intends to challenge the decision and the fine, emphasizing the potential harm to millions of people who use Facebook every day. The company warns that if it is forced to stop using contractual clauses without a suitable alternative, it may have to shut down services like Facebook and Instagram in Europe.

Under the GDPR, EU regulators have the authority to impose fines of up to 4% of a company’s annual revenue for severe violations. The Irish Data Protection Commission has become the leading privacy regulator for major tech companies with an EU presence, including Meta and Apple.

RELATED:

• Meta’s Massively Multilingual Speech to Redefine Boundaries of Language
• Meta reportedly in talks to license Magic Leap’s AR technology
• Instagram was Down for Hundreds of Thousands of Users Worldwide
• Best Gaming Controllers of 2023: Enhance Your Gaming Experience

(Source)

The post Meta slapped with €1.2 billion fine by EU for GDPR breaches appeared first on Gizmochina.

WhatsApp, the instant messaging platform owned by Facebook, has been fined 225 million euros (approximately $267 million) by a data watchdog in Ireland for breaking the EU data privacy rules. This makes it the largest penalty handed out by the Irish data regulatory over General Data Protection Regulation (GDPR) violation and the second-largest in EU.

Data Protection Commission of Ireland says that the Facebook-owned WhatsApp failed to tell its European Union citizens about what the company does with the data collection of the user, including how the details are collected and users, as well as how WhatsApp shares the user data with Facebook.

The Irish authority had originally asked WhatsApp for a €50 million fine for breaking GDPR, but other data protection agencies pushing for a stiffer penalty. Now, the fine levied is more than four times the originally proposed.

In its order, the commission asked WhatsApp to tweak its privacy policies and how it communicates with users in order to make the platform compliant with Europe’s privacy law. This means that the messaging service may need to expand its privacy policy.

WhatsApp has said that the company will be filing an appeal over this verdict. The company’s spokesperson added, “WhatsApp is committed to providing a secure and private service. We have worked to ensure the information we provide is transparent and comprehensive and will continue to do so. We disagree with the decision today regarding the transparency we provided to people in 2018 and the penalties are entirely disproportionate.”

The company has revealed on its website that it shares information like phone numbers, transaction data, business interactions, mobile device information, IP addresses, and other information with Facebook. The firm emphasizes that it does not share personal conversations, location data, or call logs.

RELATED: 

• WhatsApp to finally bring Chat Transfer feature between iOS and Android
• Flipkart and its founders could be fined $1.35 billion for violating foreign investment laws
• WhatsApp to soon get multi-device support, disappearing mode, and view once features
• Alibaba fined $2.75 billion in China for violating anti-monopoly rules
• Brazilian state fines Apple $2 million for selling iPhone 12 without a charger

The post WhatsApp fined €225 million for breaching EU data privacy rules appeared first on Gizmochina.

Twitter has been slapped with a fine over a bug that made private tweets appear public. This marks the first-ever sanction against a cross-border firm after the new GDPR dispute resolution mechanism. What’s more surprising is that the bug had occurred in early 2019.

As Reuters reports, Ireland’s DPC(Data Protection Commission) has imposed a fine of 450,000 euros ($547,000) on Twitter. Besides, this is a result of a 2019 investigation according to which Twitter violates Article 33(1) and 33(5) of the GDPR. Precisely, some of the users’ private protected tweets became public due to an Android App bug.

This doesn’t go well with the DPC as GDPR law requires a company to notify the breach of privacy on time(within 72 hours) and document it properly(scope of vulnerable data, security measures, etc.,). However, Twitter has responded to this saying that it occurred due to an “unanticipated consequence of staffing between Christmas Day 2018 and New Years’ Day”.

EDITOR’S PICK: Elon Musk, Barack Obama, Bill Gates, among others affected by the Biggest Twitter Hack in recent history

For the unware, GDPR is Europe’s General Data Protection Regulation. Made in 2016, the new law is in force since May 2018. Its scope widens to the European Union and the European Economic Area. DPC, on the other hand, is a lead privacy supervisor for many tech giants including Apple, Twitter, Facebook, Google in the EU region.

The Irish watchdog already has a total of 20+ cases pending so far. Generally, it has the power to impose a fine up to 4% of a company’s global revenue or €20 million, whichever is higher. Plus, the new sanction is the first against a US firm after the new Dispute resolution system as mentioned above.

Accordingly, it empowers a national regulator to make a decision before consulting with other regulators of the EU. Anyway, Twitter’s response to the final ruling also says that it is fully responsible for this mistake and remains fully committed to protecting the privacy and data of our customers.

UP NEXT: Huawei launches new AppGallery promotion to support businesses during pandemic

The post Ireland’s DPC imposes a €450,000 fine on Twitter over an early 2019 bug appeared first on Gizmochina.