According to TechCrunch, Ireland’s Data Protection Commission (DPC) was disturbed in 2018 when Facebook notified the commission of 12 distinct data breaches affecting up to 30 million users between June and December. The DPC launched an investigation, and Meta, Facebook’s parent company, has now been fined 17 million euros ($18.6 million USD).
Following its examination into the breaches, the DPC ruled that Meta violated Europe’s General Data Protection Regulation (GDPR). The DPC discovered 12 data breach alerts that happened between June and December 2018, according to its press release. “As a result of its investigation, the DPC discovered that Meta Platforms did not have appropriate technical and organizational measures in place that would enable it to readily demonstrate the security measures that it implemented in practice to protect EU users’ data,” the DPC stated in a press release.
A Meta representative told TechCrunch that any depiction of the fine as being related to the breaches was incorrect:
This fine is about record keeping practices from 2018 that we have since updated, not a failure to protect people’s information. We take our obligations under the GDPR seriously, and will carefully consider this decision as our processes continue to evolve.
Two authorities objected to Ireland’s initial draft ruling, according to TechCrunch. It did not, however, reveal who those authorities were or whether their objections had any effect on the DPC’s final judgment.
Meta is eager to point out that this is connected to record-keeping practices, but this isn’t a trivial issue. In fact, adequate record-keeping appears to be a recurring issue for the organization. Last year, Facebook was at the center of a data hack that affected 533 million accounts from 106 countries. After that, Facebook stated that people affected will not be told, stating that they were unsure which users to notify and that there wasn’t much they could do about their data being public.
A corporation that fails to comply with GDPR requirements faces a fine of up to 4% of its yearly sales. Meta’s fine is significantly less than the maximum allowed.