Meta, the parent company of Facebook, was penalized with a €1.2 billion (£1 billion) penalty for improperly managing user data during transfers between Europe and the United States.
The General Data Protection Regulation privacy law's biggest fine to date was issued by Ireland's Data Protection Commission.
Before utilizing a person's personal data, a company must obtain that person's consent under GDPR regulations.
According to Meta, it will challenge the "unjustified and unnecessary" decision.
The use of Standard Contractual Clauses to transfer EU data to the US is key to this conclusion.
These legal agreements, drafted by the European Commission, provide protections to guarantee that personal data remains secure when transferred outside of Europe.
There are worries, however, that these data flows might still expose Europeans to the laxer privacy regulations of the US and allow US intelligence access to the data.
'Dangerous precedent'
Most major businesses have intricate webs of data transfers to foreign receivers, many of which rely on SCCs, which can include email addresses, phone numbers, and financial information.
Meta asserts that the fee is unjust because of their widespread use.
"We are disappointed to have been singled out when using the same legal mechanism as thousands of other companies looking to provide services in Europe," Facebook president Nick Clegg said.
"This decision is flawed, unjustified, and establishes a risky precedent for the countless other businesses transferring data between the EU and the US," the statement reads.