The Irish Data Protection Agency (DPA) has just imposed a record fine on Meta. The American company was ordered to pay 1.2 billion euros for continuing to transfer data from European users of Facebook to servers located in the United States, after the invalidation of an agreement between the two geographical areas , known as the “Privacy Shield”. Never had a company been sentenced to such an amount for this type of offense in Europe. The DPA also orders Meta to “suspend any transfer of personal data to the United States within five months” of notification of its decision and to comply with the GDPR within six months. Denouncing an “unjustified and unnecessary” fine, Meta will appeal to justice. At the origin of all this procedure, an Austrian lawyer, Max Schrems, Facebook user had filed a complaint against the company believing that his data collected by Facebook Ireland were, once transferred to Facebook Inc. in the United States, at the mercy of local laws in force, such as those on the surveillance of electronic communications, or the Cloud Act, which gives broad powers to the American National Security Agency (NSA). In 2013, whistleblower Edward Snowden revealed the extent of this agency’s surveillance program, which can access users’ personal information through companies such as Facebook and Google. In 2015, European justice had invalidated a first agreement governing the transfer of data between Europe and the United States (the “Safe Harbor”), which had forced the European Commission and the United States to propose a new mechanism, the “Privacy Shield”, also challenged by the Court of Justice of the European Union in 2020. In March 2022, the European Union and the United States announced that they had reached a new agreement on data transfers, but the legal framework did not yet been adopted. “If the new agreement becomes effective before the deadline set by the DPA expires, our services will be able to continue as they are today,” Meta said. But what will happen to all European users of Facebook’s services if this is not the case? The uncertainty is total. “There is a fundamental rights conflict between US government rules on data access and European privacy rights,” the US company added. This is a “serious blow to Meta” , reacted in a press release NOYB, the association for the defense of the privacy of Max Schrems. (More info to follow)