Meta, Facebook’s parent company, has been fined €17 million by the Irish Data Protection Commission (the “DPC”) over a string of historical data breaches. The fine follows the DPC’s investigation into a series of 12 data breach notifications it received between June and December 2018. These breaches appear to have affected up to 30 million Facebook users.
The European Union’s General Data Protection Regulation (“GDPR”) requires data controllers to swiftly disclose breaches of personal data to a supervisory authority if the leak of information is likely to pose a risk to individuals, with the most serious breaches notified within 72 hours.
In a statement made on 15 March 2022, the DPC, which is Meta’s lead privacy regulator in the European Union, stated that “As a result of its inquiry, the DPC found that Meta Platforms infringed Articles 5(2) and 24(1) GDPR. The DPC found that Meta Platforms failed to have in place appropriate technical and organisational measures which would enable it to readily demonstrate the security measures that it implemented in practice to protect EU users’ data, in the context of the twelve personal data breaches.”
More detail can be found in the DPC’s press release.
Please contact Jose Saras if you have any questions regarding the above.
The material contained in this article is only for general review of the topics covered and does not constitute any legal advice. No legal or business decision should be based on its content.