5 pillars of drop shipping contracts: Creating security in a fast-growth model
Drop shipping is growing fast. Find out how the right contracts can protect your margins, brand and legal position.
Read More
Our Commercial & Data Protection team look at the critical consequences of non-compliance with data transfer regulations between Europe and the US.
Commercial & Data Protection|24 July 2023
Insight
In May 2023, Meta, the owner of Facebook, was given a record-breaking €1.2b (£1b) GDPR fine by Ireland’s Data Protection Commission (DPC).
The fine was imposed because Meta breached Article 46 of the EU GDPR by transferring personal data from Europe to the US, because although Meta implemented a number of organisational and technical measures, if the US Government was to request such data under the Foreign Intelligence Surveillance Act, Meta would be required to disclose it, and this contradicts the protections offered by the GDPR.
The ruling stems from the 2020 Schrems II case, where the European Court of Justice (ECJ) determined that Privacy Shield Framework could no longer be relied upon for GDPR compliance. Organisations transferring personal data to the US must now consider alternative measures, such as standard contractual clauses (SCCs). The DPC found that Meta’s measures did not adequately address the risks to data subjects’ rights and freedoms, resulting in the significant fine and a suspension of future data transfers to the US.
Whilst a political solution may be on the horizon, as the European Commission and the US have reached a preliminary agreement on a new Trans-Atlantic Data Privacy Framework, companies must ensure compliance with the current framework until these solutions materialise.
The EU GDPR sets a maximum fine of €20m or 4% of annual global turnover, whichever is the greater, and UK GDPR sets a maximum fine of the of £17.5m or 4% of the organisation’s global annual turnover.
Therefore, whilst this record-breaking fine is at the upper end of the extreme, it serves as a stark reminder to companies of the importance of GDPR compliance.
Contact Us
If you have any questions about how your company can ensure its compliance with the UK GDPR or any other data protection and commercial legal issues, our highly experienced Commercial team will be happy to help. Please contact Haroon Younis on 01332 226 466 or fill in the form below to request a no-obligation discussion.
Related Services
Knowledge
Drop shipping is growing fast. Find out how the right contracts can protect your margins, brand and legal position.
Read MoreLearn about fiduciary duties, commission disclosure, and legal compliance after the Expert Tooling v Engie ruling.
Read MoreLearn how Rukhadze v Recovery Partners reinforces strict fiduciary duties and what it means for your business and governance.
Read MoreThe ICO and CMA's joint statement outlines new AI in finance regulations, focusing on data protection, competition, and consumer safeguards.
Read MoreA decade of progress – but the fight against modern slavery isn’t over, we highlight how businesses can meet stricter transparency rules.
Read MoreNavigate AI regulations in financial services. Key insights from the FCA & ICO on compliance, data protection, and innovation.
Read MoreExplore how to create an AI usage policy that mitigates risks and ensures responsible adoption for your business.
Read MoreEffective data safety and optimisation are key to business success, reducing risks and improving efficiency in a digital world.
Read MoreLandmark EU court ruling awards damages for unlawful data transfer. Learn what this means for GDPR compliance and safeguarding your business.
Read MoreProtect your SME from data breaches. Discover key tips for GDPR compliance and data security during Data Protection Week.
Read MoreBoost profitability with well-negotiated commercial contracts—learn essential terms to protect and grow your business.
Read MoreDiscover the key changes introduced by the Data (Use and Access) Bill and how organisations must adapt to meet compliance requirements.
Read MoreScroll to next section
Scroll back to the top
On Monday 29 September, Flint Bishop successfully completed the acquisition of the entire business of Lupton Fawcett LLP. You have been forwarded to the page most relevant to your visit.
Please feel free to explore our website and learn more about our legal services and professionals, including those who have recently joined us from Lupton Fawcett.