Bytesize Legal Update: The Meta Decision

Bytesize Legal Updates | Fieldfisher

Fieldfisher

Business

5 • 4 Ratings

🗓️ 2 June 2023

⏱️ 13 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

On 22 May 2023, the Irish DPC announced it had fined Meta €1.2bn for infringement of Article 46(1) GDPR when it transferred personal data from the EU to the USA. What is the legal significance of the case? Going forward, what does it mean for businesses who transfer their data abroad? In our latest Bytesize Legal Update, Fieldfisher's Natalie Farmer and Richard Lawne cut right to the chase, and discuss the key takeaways for businesses wanting to understand what the decision means for them.

Transcript

Click on a timestamp to play from that location

0:00.0	Hello and welcome to this bite-size legal update from the team at Field Fisher in Silicon Valley.
0:08.0	I'm Natalie and I'm joined by my colleague Richard and we're going to be talking today about the Irish State Protection Commissioners decision against Porter.
0:16.0	You might have seen some headlines. They're pretty shocking. So 1.2 billion euros is difficult to ignore. And there's a very long history to this case. And we're not going to talk about that today. Instead, we're trying to delve in and cut
0:38.6	through some of the noise on this and really try to get to what this means. Why do we care about it?
0:43.8	What does this really mean from a legal perspective? Hand over to Richard. He'll give us some
0:50.2	specifics on the decision. Yeah, absolutely. So recently, the Irish Data Protection Commissioner issued a fine against META to the tune of
1:01.0	1.2 billion euros and determined that META had failed to comply with the GDPR when it transferred
1:08.0	personal data from the European Union to the United States,
1:12.5	in particular personal data relating to Facebook users in the EU.
1:17.8	And this decision has been a long time coming.
1:20.8	It has quite a long and complicated history.
1:24.0	And the outcome of the decision, well, at least the substantive part, maybe not the level of fine, was to some degree expected, so not a major surprise.
1:33.3	But effectively, what the DPC found was that META had violated Article 46 of the GDPR, that's the provision around international transfers of data. They found that META had failed to
1:46.2	ensure that the personal data of Facebook users in the EU is afforded an adequate level of protection
1:52.0	when it's transferred to META in the US. In particular, the DPC came to three important conclusions.
1:59.9	Firstly, it found that US law does not provide an
2:03.5	essentially equivalent level of protection to that guaranteed by EU law, and that's due to concerns
2:08.6	around downstream surveillance under Section 702 or Pfizer, which some of you may recall was the
2:15.3	focus of the Shrems 2 decision. The second important conclusion
2:19.2	was that META cannot rely on the SECs to transfer personal data to the US, not only because the
2:26.7	SECs didn't afford adequate protection, but also because the supplementary measures implemented
2:32.0	by META also didn't compensate for the inadequate level of protection.
	...

Please login to see the full transcript.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from Fieldfisher, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of Fieldfisher and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.