Meta Fined $1.3 Billion for Violating E.U. Data Privacy Rules

Meta on Monday was fined a record 1.2 billion euros ($1.3 billion) and ordered to stop transferring data collected from Facebook users in Europe to the United States, in a major ruling against the social media company for violating European Union data protection rules.

The penalty, announced by Ireland’s Data Protection Commission, is potentially one of the most consequential in the five years since the European Union enacted the landmark data privacy law known as the General Data Protection Regulation. Regulators said the company failed to comply with a 2020 decision by the European Union’s highest court that Facebook data shipped across the Atlantic was not sufficiently protected from American spy agencies.

But it remains unclear if or when Meta will ever need to cordon off the data of Facebook users in Europe. Meta said it would appeal the decision, setting up a potentially lengthy legal process.

At the same time, European Union and American officials are negotiating a new data-sharing pact that would provide legal protections for Meta and scores of other companies to continue moving information between the United States and Europe — a pact that could nullify much of the European Union’s ruling on Monday. A preliminary deal was announced last year.

The ruling, which comes with a grace period of at least five months before Meta needs to comply, applies only to Facebook and not to Instagram and WhatsApp, which Meta also owns. The company said there would be no immediate disruption to Facebook’s service in the Europe Union.

Still, the E.U. decision shows how government policies are upending the borderless way that data has traditionally moved. As a result of data-protection rules, national security laws and other regulations, companies are increasingly being pushed to store data within the country where it is collected, rather than allowing it to move freely to data centers around the world.