Editor’s Note: NYU Law’s Program on Corporate Compliance and Enforcement (PCCE) is following the developments from the recently-announced and record-breaking fine against Meta Platforms, Inc. for alleged violations of Europe’s General Data Protection Regulation (GDPR) over transfers of personal data from the EU to the U.S. The relevant decisions of the Irish Data Protection Commission and the European Data Protection Board are available here and here. The question of compliance with rules for cross-Atlantic data transfers is subject to significant legal uncertainty and political disputes between the relevant jurisdictions. In this post, Meta responds to the decision.
by Nick Clegg and Jennifer Newstead
Nick Clegg and Jennifer Newstead (photos courtesy of Meta Platforms, Inc.)
Takeaways
- Thousands of businesses and organisations rely on the ability to transfer data between the EU and the US to operate and provide everyday services.
- This is not about one company’s privacy practices — there is a fundamental conflict of law between the US government’s rules on access to data and European privacy rights, which policymakers are expected to resolve in the summer.
- We will appeal the ruling, including the unjustified and unnecessary fine, and seek a stay of the orders through the courts.
- There is no immediate disruption to Facebook in Europe.