Partner and Co-Privacy Officer, Trisha Sircar authored a reaction to the recently-announced and historic data transfer fine against Meta Platforms, Inc. (Meta) for the New York University School of Law’s Compliance and Enforcement blog.

The EU “slapped Meta with a historic $1.3 billion (€1.2 billion) fine” for alleged violations of Europe’s General Data Protection Regulation (GDPR) over transfers of personal data from the EU to the US, as noted by Trisha in the blog. “It also gave Meta six months to stop ‘the unlawful processing, including storage, in the US’ of EU personal data already transferred to the US, meaning that any EU personal data will need to be removed from Meta servers,” she further explained.

Trisha flagged that “part of this decision does not come as a total surprise,” due to ongoing negotiations between the US government and the European Commission to finalize the new Trans-Atlantic Data Privacy Framework, to which the European Commission called for improvements, “saying the safeguards employed by the US are not strong enough.”

“As Meta appeals this decision, we remain cautiously optimistic that a new Trans-Atlantic Data Privacy Framework is likely to be finalized,” Trisha wrote. “Until then, organizations of all shapes and sizes will have to pay close attention to how they process EU personal data. Data exporters should, at a minimum, undertake thorough risk assessments of EU personal data transfers and document them appropriately.”

Privacy Experts React to Meta’s 1.2 Billion Euro Data Transfer Fine,” Compliance and Enforcement Blog, sponsored by NYU School of Law’s Program on Corporate Compliance and Enforcement, May 26, 2023