Meta Fined $19m For 2018 Data Breach

Tom Jowitt,
Whistleblower leak keyboard security breach © CarpathianPrince Shutterstock

Ireland’s data protection watchdog issues 17 million euros fine against Meta for 12 data breaches notifications back in 2018

Facebook’s parent Meta Platforms has been slapped with a modest 17m euros ($18.7m) fine by the Irish data protection watchdog.

Ireland’s Data Protection Commission (DPC) announced the decision which “followed an inquiry by the DPC into a series of twelve data breach notifications it received in the six month period between 7 June 2018 and 4 December 2018.

Ireland is responsible for the regulation of Meta and a number of other US tech giants due to the fact that their European Union headquarters are located in the country.

Breach fine

As a result of its investigation, Ireland’s DPC found Meta Platforms infringed Articles 5 and 24 GDPR.

“The DPC found that Meta Platforms failed to have in place appropriate technical and organisational measures which would enable it to readily demonstrate the security measures that it implemented in practice to protect EU users’ data, in the context of the twelve personal data breaches,” it said.

“Given that the processing under examination constituted ‘cross-border’ processing, the DPC’s decision was subject to the co-decision-making process outlined in Article 60 GDPR and all of the other European supervisory authorities were engaged as co-decision-makers,” it said.

Facebook has been plagued by a numb er of data breaches over the years.

In April 2021 Facebook said that a massive data leak on 530 million people worldwide, involved “old” data.

The GDPR, which came into force in 2019, strengthens data protection laws for European citizens, but the Irish DPC has previously come under fire from activists and other EU data protection offices over the rules’ enforcement.

Meta response

A spokesperson for Meta told Reuters that it would “carefully consider Tuesday’s decision”, adding that its “processes continue to evolve.”

“This fine is about record-keeping practices from 2018 that we have since (been) updated, not a failure to protect people’s information,” the spokesperson said.

In September last year the Irish Data Protection Commissioner, fined its WhatsApp subsidiary a record 225 million euros (£193m or $267m) for failing to conform with EU data rules in 2018.

It should be noted that the DPC has a number of ongoing investigations into Meta.