Facebook — Enforcement
Executive Summary
The Irish DPC fined Meta a record €1.2 billion for transferring EU/EEA users' personal data to the United States without adequate safeguards following the CJEU's Schrems II ruling. Meta was ordered to suspend US data transfers within five months.
What Happened
On May 22, 2023, Ireland's Data Protection Commission announced it had fined Meta Platforms Ireland Limited a record €1.2 billion for violating GDPR Article 46(1) by transferring EU/EEA users' personal data to the United States without adequate safeguards. The violation occurred after the Court of Justice of the European Union's 2020 Schrems II ruling, despite Meta using updated Standard Contractual Clauses and supplementary measures that the regulator found insufficient to address risks to users' fundamental rights. Meta was ordered to cease unlawful processing and storage of European users' data in the US within six months and to suspend data transfers within five months.
Who Is Affected
All Facebook users in the European Union and European Economic Area are affected, described as millions of people whose personal data has been systematically and continuously transferred to the United States. The European Data Protection Board characterized the volume of personal data transferred as massive due to Facebook's large user base in Europe.
Why It Matters
This is the largest fine ever imposed under the GDPR and represents a significant enforcement action against one of the world's largest technology companies for cross-border data transfers. The case stems from a decade-long legal challenge and sets a precedent that standard contractual clauses alone may be insufficient for protecting European users' data when transferred to countries without adequate privacy protections. The European Data Protection Board emphasized that serious infringements have far-reaching consequences and signals stronger enforcement of data transfer rules.
AI-Assisted
Event summaries are generated by Claude AI from verified sources and reviewed by humans before publication.
Related Events
- Facebook — Regulatory OrderNov 1, 2023
In response to GDPR enforcement, Meta introduced a 'pay or consent' model for EU...
- Facebook — Policy ChangeJun 26, 2024
Meta announced a policy update allowing EU users' public posts, comments, and ph...
- Facebook — Policy ChangeMay 27, 2025
Meta began training its generative AI models on public posts, photos, and commen...