Causes.com
| 5.25.23

Meta Hit With Record Fine for Data Protection Violations
Should the U.S. have a version of GDPR?
What's the story?
- Meta was found guilty of violating Europe's General Data Protection Regulation (GDPR) laws and fined 1.2 billion euros, equivalent to USD 1.3 billion.
- The ruling from Ireland's Data Protection Commission (DPC) marks one of the most significant penalties since the European Union enacted the data protection laws five years ago.
- Meta has also been ordered to cease transferring the data of Facebook users in Europe to the U.S.
- In a statement, Meta announced its decision to appeal the ruling.
What happens to Facebook?
- The DPC gave Meta six months to stop processing and storing personal data that was transferred in violation of the GDPR. Meta may have to delete large amounts of Facebook users' data in the EU.
- In response, Meta argues that it's been unfairly targeted for widely-used data-sharing practices, emphasizing that thousands of organizations depend on data transfers between the EU and the U.S. to provide everyday services.
- Nick Clegg, Meta's president of global affairs, and Jennifer G. Newstead, the company's chief legal officer, said in the statement:
"Without the ability to transfer data across borders, the internet risks being carved up into national and regional silos, restricting the global economy and leaving citizens in different countries unable to access many of the shared services we have come to rely on."
What is GDPR?
- Europe's GDPR is the strictest privacy and security law in the world. It took effect in 2018 and requires any organization that processes the personal data of EU citizens or residents to adhere to seven principles.
The seven principles of GDPR include:
- Processing must be lawful, fair, and transparent to the data subject.
- Data must be processed for legitimate purposes specified explicitly to the data subject when collected.
- Organizations should only collect and process as much data as absolutely necessary for the purposes specified.
- Personal data must be kept accurate and up to date.
- Personally identifying data must only be stored for as long as necessary for the specified purpose.
- Processing must be done to ensure appropriate security, integrity, and confidentiality (e.g., by using encryption).
- The data controller is responsible for being able to demonstrate GDPR compliance with all of these principles.
What do you think? Should the U.S. have a version of GDPR?
-Laura Woods
(Photo credit: Unsplash)