GDPR: Meta Hit With Dissuasive Fine For Illegal Data Transfers From Europe To US Servers

This decision comes in the wake of Meta’s and 5000 other companies willful ignorance of EU data protection law and persistent illegal transfers of European users’ sensitive data, such as names, email and IP addresses, messages, viewing history, geolocation data and other information, to US servers. Meta will of course appeal the ruling, but if they cease to operate in Europe, they likely won’t be missed.

The same issue persists in Canada, and although PIPEDA applies to data transferred across Canadian borders, there has never been any specific enforcement addressing unauthorized data transfers into US or international waters servers. The problem is that nearly all private and public companies are already working with 3rd parties in the US, so the actual framework in a conflict of law situation will always be US law.