Facebook owner Meta has been issued a record €1.2 billion ($1.3 billion) for violating the General Data Protection Regulation (GDPR).

As the Irish Data Protection Commission (DPC) explained, the fine was imposed for Meta’s practice of moving EU citizens' data to US-based servers, which is prohibited by the EU’s key digital privacy rules because the European Union says US law does not adequately protect its citizens’ data from the government’s surveillance practices.

Meta has been given until October 12, 2023, to stop relying on standard contractual clauses (SCCs) for their transfers.

This is the largest GDPR fine to date. It surpasses the previous record of €746m ($808m) imposed on Amazon by the Luxembourg National Commission for Data Protection (CNPD) in July 2021 in relation to its processing of personal data and compliance with data protection laws.