Why you can trust ZDNET : ZDNET independently tests and researches products to bring you our best recommendations and advice. When you buy through our links, we may earn a commission. Our process

'ZDNET Recommends': What exactly does it mean?

ZDNET's recommendations are based on many hours of testing, research, and comparison shopping. We gather data from the best available sources, including vendor and retailer listings as well as other relevant and independent reviews sites. And we pore over customer reviews to find out what matters to real people who already own and use the products and services we’re assessing.

When you click through from our site to a retailer and buy a product or service, we may earn affiliate commissions. This helps support our work, but does not affect what we cover or how, and it does not affect the price you pay. Neither ZDNET nor the author are compensated for these independent reviews. Indeed, we follow strict guidelines that ensure our editorial content is never influenced by advertisers.

ZDNET's editorial team writes on behalf of you, our reader. Our goal is to deliver the most accurate information and the most knowledgeable advice possible in order to help you make smarter buying decisions on tech gear and a wide array of products and services. Our editors thoroughly review and fact-check every article to ensure that our content meets the highest standards. If we have made an error or published misleading information, we will correct or clarify the article. If you see inaccuracies in our content, please report the mistake via this form.


Meta fined record $1.3 billion by EU over handling of Facebook user data

The social giant has been ordered to stop EU-to-US transfer of user data by October. This is how we got here and what happens next.
Written by Jada Jones, Associate Editor
Meta's HQ sign
Photo by JOSH EDELSON/AFP via Getty Images

European Union data regulators have hit Meta with a $1.3 billion fine (about €1.2 billion) and ordered the company to cease transferring EU Facebook user data to the US by October. The fine exceeds Amazon's $886 million fine from the EU for data protection violations in 2021.

Meta says it plans to appeal the ruling and seek a stay of the order. Meta is not a stranger to fines from the EU regarding data protection. WhatsApp, Facebook, and Instagram -- all properties of Meta -- have received hefty fines from EU data privacy regulators following violations.

According to Privacy Affairs, a data research firm that follows General Data Protection Regulation (GDPR) fines, Meta alone accounts for $2.5 billion, or over 50%, of the fines handed out to law violators. Meta's total GDPR violation fines outnumber those amassed by Amazon and Google combined, which totals over $800 million.

How long has this issue been going on?

In 2013, US whistleblower Edward Snowden leaked highly classified information about the National Security Agency's global surveillance programs, sparking discussions about Facebook's data handling policies. Snowden's revelations disclosed that Facebook provided the NSA and other US government agencies with European users' personal data.

Also: Best secure browsers for privacy

Immediately after the whistleblowing, Austrian lawyer and privacy activist Max Schrems began petitioning the EU courts to investigate further Facebook's data transfers from the EU to the US. 

Since then, EU regulators have made efforts to stop tech companies from transferring European user data to other countries. The EU has some of the most well-incorporated data protection laws that cover every citizen in every nation that belongs to the EU. The EU's GDPR regulates how much and what kind of personal data leaves the EU.

What law is the EU saying Meta violated?

The GDPR has clauses that allow tech companies like Facebook to operate within the EU under the condition that EU user data remains protected, even when it leaves the EU. But the laws are complex and sometimes difficult to enforce when EU web surfers use American social media sites, as the US has no federal laws to protect user data. 

Also: How to encrypt your email

For the last few years, the EU and the U.S. have attempted -- with no success - to find agreement on how to handle EU user data. Now, the courts are saying Facebook violated the GDPR's clauses by allowing EU Facebook users' data to be surveilled by the US. government. 

What does this lawsuit mean for Meta?

The Irish watchdog, Ireland's Data Protection Commission, is Meta's main privacy regulator within the EU because the company is headquartered in Dublin. In addition to the monetary fine, Meta was ordered to stop sending EU user data to the US. by October and to restructure its data storage methods by November to comply with the EU's privacy rules.

According to the Commission, Meta must stop the "unlawful processing, including storage, in the US," which means Meta would have to delete all of the EU user data it has. 

Also: The best VPNs for iPhone and iPad

Until 2020, Meta and the EU had an agreement about how to handle user data under a deal called Privacy Shield. Privacy Shield pertained to thousands of tech, auto, and financial companies and dictated how EU data was transferred to the US.

But in 2020, Privacy Shield was struck down by the EU's top court, ruling that the agreement still allowed the US government to access EU user data. Without Privacy Shield and without a new agreement, Meta's fate in the EU is unclear. 

Late last year, The European Commission announced that the EU and the US were drafting another deal like Privacy Shield, but this deal would include more legal protections and safeguards for EU user data. 

However, like any piece of legislation, drafting an agreement that both parties are happy with will take time and might not be ready before Meta's October deadline to cease data transfers. 

In Meta's latest earning report, the company said it may have to stop offering Facebook in Europe, "which would materially and adversely affect our business, financial condition, and results of operations." The company says that to continue operating in the EU, a deal between the EU and the US about user data storage must occur.

Also: 4 ways to secure your remote work setup

But according to EU lawmaker Axel Voss, Meta "cannot just blackmail the EU into giving up its data protection standards," he tweeted in response to Meta.

Some experts say that although Meta's $1.3 billion fine is hefty and the largest in EU data privacy suit history, the money is not Meta's biggest issue. Meta must reimagine its data transfer policies, which will prove difficult as the legal framework surrounding the issue is nonexistent in the US.

"This order to delete data is really a headache for Meta," said Johnny Ryan, senior fellow at the Irish Council for Civil Liberties. "It is very hard to see how it will be able to comply with that order."

On the other hand, some say the large fine shows tech companies that data privacy is something the EU takes very seriously.

Also: Don't get scammed by fake ChatGPT apps: Here's what to look for

"The unprecedented fine is a strong signal to organizations that serious infringements have far-reaching consequences," said Andrea Jelinek, the chairwoman of the European Data Protection Board.

Editorial standards