Where will I find accessible legal information?
DZP's media centre.
31.05.2023
Authors:On 22 May, Meta, the US technology company responsible for, inter alia, Facebook and Messenger, was fined EUR 1.2 billion by the Irish Data Protection Commissioner (DPC) for breaching the EU's General Data Protection Regulation (GDPR). This is the harshest penalty imposed since the GDPR came into force.
In the article for the Association of Corporate Counsel, Bartosz Marcinkowski, Partner and head of the data privacy team, analyses the background of the case and the lessons to be learned from the proceedings against Meta. As our expert points out, the transfer of personal data from the EU to third countries, including the United States, is perfectly legal, but only if the requirements laid down in EU law are met. In the case of data transfers from the EU to the USA, the most common legal basis is the use of standard contractual clauses (SCC) in contracts, but for them to be effective, an assessment of the impact of the transfer and additional precautionary measures should also be carried out.
According to Bartosz, the Meta case is also of major importance for other Silicon Valley technology companies, as most cloud service providers (including those from the USA: Microsoft, Amazon and Google) use SCC, and for other global companies that, when operating in Europe, transfer at least some of the personal data they process to the USA.
The full text of the article is available on the ACC’s website.