IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Meta hit with €17 million fine over multiple GDPR breaches

The social media giant set aside over €1 billion in November to help it cope with potential fines arising from data protection investigations

Ireland’s Data Protection Commission (DPC) has hit Meta with a €17 million (£14 million) fine over multiple breaches of GDPR

The DPC said the decision followed an inquiry into a series of 12 data breach notifications it received between 7 June 2018 and 4 December 2018. The inquiry looked at the extent to which Meta complied with the requirements of GDPR Articles 5(1)(f), 5(2), 24(1) and 32(1) in relation to the processing of personal data relevant to the 12 breach notifications.

Following the inquiry, the DPC found that Meta infringed Articles 5(2) and 24(1) GDPR. It found the company failed to have in place appropriate technical and organisational measures which would enable it to readily demonstrate the security measures that it implemented in practice to protect EU users’ data, in the context of the 12 data breaches.

Since the processing under examination constituted “cross-border” processing, the DPC said its decision was subject to the co-decision making process outlined in Article 60 GDPR and all of the other European supervisory authorities were engaged as co-decision-makers.

The Irish data regulator has been accused in the past of being the “bottleneck” of GDPR enforcement with 160 unresolved complaints. Campaigners claimed that it was hindering pan-European data protection enforcement as a result, with 98% of 164 cases remaining unresolved.

“While objections to the DPC’s draft decision were raised by two of the European supervisory authorities, consensus was achieved through further engagement between the DPC and the supervisory authorities concerned,” stated the DPC. “Accordingly, the DPC’s decision represents the collective views of both the DPC and its counterpart supervisory authorities throughout the EU.”

A Meta spokesperson told IT Pro: “This fine is about record-keeping practices from 2018 that we have since updated, not a failure to protect people's information. We take our obligations under the GDPR seriously, and will carefully consider this decision as our processes continue to evolve.”

Related Resource

Solving big data challenges with Multi-Cloud Data Services for Dell EMC PowerScale

Achieve cost-effective performance at scale and leverage multiple public clouds at the same

Whitepaper cover with text and yellow gradient shading at topFree Download

To put the €17 million fine into perspective, Facebook’s main Irish subsidiary paid an additional €35 million to settle outstanding tax matters in 2020, and the company put over €1 billion aside to cover potential fines from regulatory investigations, according to the Irish Times. Its corporate tax liability rose to €266.3 million from €173.2 million. Its revenue jumped by €6.3 billion to €40.6 billion at Facebook Ireland in 2020, while pre-tax profits rose to €890 million compared to €482 million the previous year.

The amount the company set aside for potential administrative fines from investigations conducted by data protection authorities more than tripled from €302.3 million to €1.02 billion. The company predicted that regulatory matters would be resolved within the next two years.

Featured Resources

Activation playbook: Deliver data that powers impactful, game-changing campaigns

Bringing together data and technology to drive better business outcomes

Free Download

In unpredictable times, a data strategy is key

Data processes are crucial to guide decisions and drive business growth

Free Download

Achieving resiliency with Everything-as-a-Service (XAAS)

Transforming the enterprise IT landscape

Free Download

What is contextual analytics?

Creating more customer value in HR software applications

Free Download

Recommended

Meta says Apple's iOS privacy changes will cost it $10 billion in 2022
privacy

Meta says Apple's iOS privacy changes will cost it $10 billion in 2022

3 Feb 2022
Google, Facebook fined €210 million for making it difficult for users to reject cookies
Policy & legislation

Google, Facebook fined €210 million for making it difficult for users to reject cookies

6 Jan 2022
Meta makes 2FA mandatory for high-risk users
two-factor authentication (2FA)

Meta makes 2FA mandatory for high-risk users

3 Dec 2021
Meta delays product-wide end-to-end encryption rollout until 2023
encryption

Meta delays product-wide end-to-end encryption rollout until 2023

22 Nov 2021

Most Popular

Europe's first autonomous petrol station opens in Lisbon
automation

Europe's first autonomous petrol station opens in Lisbon

23 May 2022
Nvidia pauses hiring to help cope with inflation
Careers & training

Nvidia pauses hiring to help cope with inflation

23 May 2022
Open source packages with millions of installs hacked to harvest AWS credentials
hacking

Open source packages with millions of installs hacked to harvest AWS credentials

24 May 2022