Facebook's owner, Meta, has been fined €1.2bn (£1bn) for mishandling people's data when transferring it between Europe and the United States.
Issued by Ireland's Data Protection Commission (DPC), it is the largest fine imposed under the EU's General Data Protection Regulation privacy law.
GDPR sets out rules companies must follow to transfer user data outside of the EU.
Meta says it will appeal against the "unjustified and unnecessary" ruling.
At the crux of this decision is the use of standard contractual clauses (SCCs) to move European Union data to the US.
These legal contracts, prepared by the European Commission, contain safeguards to ensure personal data continues to be protected when transferred outside Europe.
But there are concerns these data flows still expose Europeans to the US's weaker privacy laws - and US intelligence could access the data.
This decision does not affect Facebook in the UK. The Information Commissioner's Office told the BBC that the decision "does not apply in the UK" but said it had "noted the decision and will review the details in due course".