The EDPB decided a fine was appropriate, and so as well as being required to stop future data transfers to the US (for a period of five months), Meta was ordered to meet the requirements of the GDPR within six months, and pay an administrative fine of 1.2bn (1.04bn). Its the largest fine ever imposed for a GDPR breach. Andrea Jelinek, chair of the EDPB, said: The EDPB found that Meta IEs infringement is very serious since it concerns transfers that are systematic, repetitive and continuous. Facebook has millions of users in Europe, so the volume of personal data transferred is massive. The unprecedented fine is a strong signal to organisations that serious infringements have far-reaching consequences. Of course, Meta isnt happy with the decision, and has confirmed it will be appealing the unjustified and unnecessary fine and requesting the courts pause the relevant deadlines. In a blog post penned by Chief Legal Officer Jennifer Newstead and former Lib Dem leader turned tech bro Sir Nick Clegg (hes their president of global affairs), the pair wrote: The DPC initially acknowledged that Meta had continued its EU-US data transfers in good faith, and that a fine would be unnecessary and disproportionate. However, this was overruled by the EDPB, which also chose to disregard the clear progress that policymakers are making to resolve this underlying issue. This decision is flawed, unjustified and sets a dangerous precedent for the countless other companies transferring data between the EU and US. It also raises serious questions about a regulatory process that enables the EDPB to overrule a lead regulator in this way, disregarding the findings of its multi-year inquiry without giving the company in question a right to be heard. The underlying issue referenced by Meta concerns a framework known as Privacy Shield, which concerned data transfers between the EEA and the US and was invalidated by the European Court of Justice in 2020 due to a lack of adequate safeguards. Both European and American policymakers are now working on a new data privacy framework to allow data transfers between the areas, called the EU-US Data Privacy Framework. Meta also confirmed the ruling poses no immediate disruption to Facebook given the deadline periods imposed, and that their priority is ensuring users can continue to enjoy Facebook while keeping their data safe and secure. Discuss the importance for companies like Facebook to make use of an appropriate risk classification system. Using your own relevant examples, examine how the FIRM risk classification system can assist Facebook and based on the case study, evaluate which two risk classifications materialised