European Union regulators on Monday fined Facebook owner Meta a record €1.2 billion ($1.3 billion) over the transfer of EU data to the United States.
Meta was also ordered to stop transferring user data across the Atlantic by October.
The data transfers came despite a previous EU court ruling.
The breach prompted the largest fine "ever" under the EU's General Data Protection Regulation (GDPR), said the European Data Protection Board (EDPB), topping the €746 million fine against Amazon in 2021.
Why did the EU fine Meta?
The Irish Data Protection Commission (DPC), which acts on behalf of the European Union, has been investigating Meta's transfer of personal data from the EU to the US since 2020.
It found that Meta failed to "address the risks to the fundamental rights and freedoms of data subjects" that were identified in a previous ruling by the Court of Justice of the European Union (CJEU).
Meta's breach is "very serious since it concerns transfers that are systematic, repetitive and continuous," said Andrea Jelinek, the EDPB chair.
"Facebook has millions of users in Europe, so the volume of personal data transferred is massive," Jelinek added.
"The unprecedented fine is a strong signal to organizations that serious infringements have far-reaching consequences."
Decadelong case
The case is part of a long-running legal battle over where Facebook stores its data and its involvement in mass surveillance by Anglo-American intelligence agencies.
Austrian privacy campaigner Max Schrems first brought a legal challenge against Facebook a decade ago, in light of revelations by former US National Security Agency (NSA) contractor Edward Snowden.
Meta said it would appeal the decision, including the "unjustified and unnecessary fine," and seek a stay of the orders through the courts.