On 12 May 2023, Ireland's Data Protection Commission (DPC) issued its ruling in the investigation into Meta over data personal data transfers to the United States for its Facebook service, issuing a fine of EUR 1.2 billion and requiring Meta to suspend personal data transfers to the United States for 5 months after receiving the notification on the ruling. The DTC found that the Meta violated Article 46.1 on transfers subject to appropriate safeguards of the General Data Protection Regulation (GDPR) by continuing to transfer data to the US following the Court of Justice of the European Union (CJEU) Schrems II judgement invalidating the EU-US Privacy Shield. Furthermore, the DPC stated that the updated Standard Contractual Clauses (SCC) used by Meta, incorporating additional safeguards to the European Commission 2021 SCC, provided insufficient protections for the data transferred to the US and failed to resolve the risks to the fundamental rights and freedoms of data subjects that the CJEU raised in its decision. Based on the ruling, Meta must amend its data processing practices within 6 months to comply with Chapter V on transfers of personal data to third countries or international organisations of the GDPR by stopping transferring and storing data in the US.
Original source