Norway pleads for fine for Meta for ignoring Privacy Shield ban

The Norwegian privacy regulator is calling for Meta to be fined for wrongly forwarding data from European users to the US. According to a recent Irish ruling, Meta should stop doing that, but the Irish don’t want to fine the company for it.

Datatilsynet pleads with the other European privacy regulators that Meta should be fined, writes Politico. That put the hand on a document in which the Norwegian regulator says so. The watchdog does not write how high the fine should be. He only says that a fine is necessary because otherwise there is ‘little to no reason for American companies to comply with European data legislation’.

Datatilsynet pleads for the fine after a ruling by the European Court of Justice in 2020 regarding data exchange between the European Union and the United States. That case was brought by privacy activist Max Schrems. He didn’t want his Facebook data stored on US servers. The EU and US subsequently set up a treaty called the Privacy Shield, but that was later banned by the European Court. However, it was still possible to send data to the US under ‘standard contractual clauses’. In July, however, the Irish privacy regulator concluded that the clauses Meta used were also not allowed.

After that ruling, Meta threatened to withdraw its services from Europe if the standard clauses were banned. That did not happen, in part because the Irish privacy regulator did not impose sanctions on the ban. While the Data Protection Office said the standard clauses were prohibited, it did not fine Meta or even impose a penalty. Meta, but also future companies that use illegal standard clauses, have little reason to comply with the ban, says the Norwegian watchdog. “Looking at the facts of this case, we don’t see how Meta could have continued its data exchange if it had complied with the GDPR,” the Norwegians say.

“Orders, limits and prohibitions are intended to carry out future data processing operations in line with the GDPR, but an administrative fine is intended to punish past violations and has a punitive effect,” says Datatilsynet. Therefore, it would still be necessary to fine Meta for the period that it forwarded data to the US after Privacy Shield was declared illegal.