A respected cyber-security expert fears alleged mistakes which led to the £1bn fine handed out to Meta, Facebook’s owner, could happen again.
Meta was sanctioned for mishandling people’s data when transferring it between Europe and the United States.
Issued by Ireland’s data protection regulatory body, it is the biggest fine to be imposed under the EU’s General Data Protection Regulation, or GDPR, regulations.
However, Meta says it will appeal against the “unjustified and unnecessary” ruling and argues it is the same for “countless” other companies transferring data.
Deryck Mitchelson, Field CISO EMEA at Check Point Software, pictured, said: “While it has been argued that the data being transferred across international borders is secure, we cannot ignore the discrepancies in the level of privacy upheld in the US when compared to EU standards.
“This is another reminder of how ambiguity around data handling and protection leads to poor management and fines of this scale. I am certain this will not be the last time we hear of companies getting it wrong.”
At the crux of Irish body’s decision is the use of standard contractual clauses (SCCs) to move European Union data to the US as they contain safeguards to ensure personal data continues to be protected when transferred outside Europe.
Facebook president Nick Clegg said: “We are therefore disappointed to have been singled out when using the same legal mechanism as thousands of other companies looking to provide services in Europe.
“This decision is flawed, unjustified and sets a dangerous precedent for the countless other companies transferring data between the EU and US.”