The Data Protection Commission (DPC), Ireland’s data protection agency, has fined Meta €17 million for a series of user data breaches dating back several years.
Twelve information leak notifications in six months
The DPC, which is the main regulator of Meta (formerly Facebook) in Europe for all matters relating to personal data, began an investigation against the American giant in 2018. At the time, the agency indeed received no less than twelve data breach notifications from Meta during a six-month period between June 7, 2018 and December 4, 2018.
Instagram: Mark Zuckerberg announces the arrival of NFTs
As a reminder, since 2018 and the entry into force of the General Data Protection Regulation (GDPR) within the European Union, technology giants processing personal data have the obligation to report any information leak to a supervisory authority if it poses a risk to users.
” The survey examined the extent to which Meta Platforms complied with the requirements of Articles 5(1)(f), 5(2), 24(1) and 32(1) of the GDPR with respect to data processing information relating to the twelve breach notifications “, explains the DPC in A press release. ” Following its investigation, the DPC concluded that Meta Platforms violated Articles 5(2) and 24(1) of the GDPR. The DPC has found that Meta Platforms does not have appropriate technical and organizational measures in place that would allow it to easily demonstrate the security measures it has implemented in practice to protect EU user data , in the context of the twelve personal data breaches “, she continues, without specifying the exact nature of these violations.
Meta played down the facts, assuring that they were not flaws but practices that were not GDPR compliant. Illustration: Muhammad Asyfaul / Unsplash
Second fine under GDPR for Meta
As a result, the Irish agency decided to impose a fine of 17 million euros on Meta. This sum obviously has no impact on the company, which recorded $ 32.6 billion in advertising revenue in the last quarter. “ This fine relates to record-keeping practices from 2018 that we have since updated, and not a failure to protect individuals’ information. We take our obligations under the GDPR seriously, and we will carefully consider this decision as our processes continue to evolve. says Meta.
This is not the first time that Mark Zuckerberg’s firm has been sanctioned by the DPC. In 2021, it was fined 225 million euros because WhatsApp, one of its messaging services, did not process user data lawfully. Despite this, the Irish data protection agency is under fire for its legal slowness.
It is indeed she who is in charge of investigating the technological giants, because most of them have their European headquarters there, but she has been criticized since the entry into force of the GDPR. As a result, the Irish Council for Civil Liberties recently launched legal proceedings against him.