Social network fined €17mn for privacy breach

15 Mar, 2022 19:06 / Updated 3 years ago
The privacy breaches impacted around 30 million Facebook users

The Irish Data Protection Commission (DPC) has imposed a fine of $18.7 million (€17 million) on Facebook’s parent company Meta after an investigation into 12 separate data breach notifications revealed the company had prolifically violated EU privacy rules. 

Meta failed to impose “appropriate technical and organizational measures which would enable it to readily demonstrate the security measures that it implemented in practice to protect EU users’ data,” the regulator said on Tuesday.

The breaches in question, which were reported to the DPC during the period between June and December 2018, allegedly affected 30 million Facebook users. Under the EU’s GDPR privacy law, platforms are required to quickly disclose personal data breaches if they are likely to put individual users at risk - with a reporting deadline of 72 hours for the most serious breaches.

A Meta spokesperson dismissed the fine as the product of long-defunct record keeping practices that “we have since updated,” rather than “a failure to protect people’s information.” The company insisted it took the GDPR very seriously. 

While the judgment is the first announced against Meta by the DPC in the four years the regulation has been in effect, the body also leveled a $267 million (€225 million) fine against WhatsApp last year, arguing the messaging app failed to live up to the GDPR privacy law’s standards regarding the need to be open and honest with users about what the company plans to do with their data. 

The commission is the chief regulator of Meta and its subsidiaries in Europe, as the company has its continental headquarters in Ireland. While the country long attracted Big Tech companies like Google and Apple in addition to Meta for its low tax rates, an international agreement signed last year will impose a minimum 15% tax rate on profits for multinational corporations with annual revenues over $823 million (€750 million), rendering the setup considerably less hospitable for Meta and its multi-billion-dollar peers.

Meta (when it was still Facebook) agreed to a $5 billion settlement with the US Federal Trade Commission in 2019, one of many fines and settlements the company has been racking up in recent years as countries become bolder about pursuing the many privacy violations committed (and admitted to) by the social media behemoth.