The Irish Data Protection Authority condemned, on May 12, 2023, the American Meta (Facebook network) for an illegal transfer of European user data to the United States.

Metae was ordered to pay 1.2 billion euros, an exceptional fine, for having continued to transfer data from European users of Facebook to servers located in the United States, and was ordered to "suspend any transfer of personal data to the United States within five months» following the notification of its decision and to comply with the GDPR within six months. Meta will appeal.

It is in a way the culmination of the famous Max Schrems litigation, the Austrian Facebook user who complained that his data was at the mercy of US government authorities, since US law allows them access to personal data.

European justice had invalidated a first agreement governing the transfer of data between Europe and the United States, the "Safe Harbor" in 2015, then a second agreement, the "Privacy Shield" in 2020. The European Commission hopes to finalize a data transfer pact with the United States this year.

Meta's violations of the GDPR "are very serious since they are systematic, repetitive and continuous transfers" (Andrea Jelinek, president of the EDPB (the meeting of the CNILs of the EU). 'a strong signal to organizations that serious breaches have serious consequences,' she added.