DP News – Week 21. Record-breaking 1.2 billion EUR fine is imposed on Meta, the Swedish Postal and Telecoms Agency has updated its guidance on cookies
On 22 May, Ireland’s data protection authority (DPC) published its decision against Meta Ireland, examining the basis upon which it transfers personal data from the EU/EEA to the US in connection with the delivery of its Facebook service. The decision was made on the basis of the EDPB’s earlier decision.
According to the DPC’s official press release, the decision implies the following:
– suspension of any future transfer of personal data to the US within the period of five months from the date of notification of the DPC’s decision to Meta Ireland;
– an administrative fine in the amount of €1.2 billion; and
– a requirement for Meta Ireland to bring its processing operations into compliance with Chapter V of the GDPR, by ceasing the unlawful processing, including storage, in the US of personal data of EU/EEA users transferred in violation of the GDPR, within 6 months following the date of notification of the DPC’s decision to Meta Ireland.
Interestingly, according to the DPC’s comments, the authority does not fundamentally agree with the imposition of the fine and was largely forced to impose it by the EDPB’s decision.
According to the statement that came from Meta, this decision “is not about one company’s privacy practices — there is a fundamental conflict of law between the US government’s rules on access to data and European privacy rights, which policymakers are expected to resolve in the summer”. Meta also confirmed that it “will appeal the ruling, including the unjustified and unnecessary fine, and seek a stay of the orders through the courts”.
***
In Sweden, the Postal and Telecoms Agency (PTS) has updated its guidance on cookies.
In particular, the updated guidance explains the information provision obligations in more detail, highlighting that the information provided to the data subject should be clear and complete and indicate at least who stores the cookies, for what purpose, how long the cookies will be stored, and whether the data obtained via cookies is shared with third parties.
As for consent rules, PTS highlighted that consent should be collected before the cookies are actually placed and that it should be clearly given, specific, revocable and unconditional.