IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Meta hit with €17 million fine over multiple GDPR breaches

The social media giant set aside over €1 billion in November to help it cope with potential fines arising from data protection investigations

Ireland’s Data Protection Commission (DPC) has hit Meta with a €17 million (£14 million) fine over multiple breaches of GDPR

The DPC said the decision followed an inquiry into a series of 12 data breach notifications it received between 7 June 2018 and 4 December 2018. The inquiry looked at the extent to which Meta complied with the requirements of GDPR Articles 5(1)(f), 5(2), 24(1) and 32(1) in relation to the processing of personal data relevant to the 12 breach notifications.

Following the inquiry, the DPC found that Meta infringed Articles 5(2) and 24(1) GDPR. It found the company failed to have in place appropriate technical and organisational measures which would enable it to readily demonstrate the security measures that it implemented in practice to protect EU users’ data, in the context of the 12 data breaches.

Since the processing under examination constituted “cross-border” processing, the DPC said its decision was subject to the co-decision making process outlined in Article 60 GDPR and all of the other European supervisory authorities were engaged as co-decision-makers.

The Irish data regulator has been accused in the past of being the “bottleneck” of GDPR enforcement with 160 unresolved complaints. Campaigners claimed that it was hindering pan-European data protection enforcement as a result, with 98% of 164 cases remaining unresolved.

“While objections to the DPC’s draft decision were raised by two of the European supervisory authorities, consensus was achieved through further engagement between the DPC and the supervisory authorities concerned,” stated the DPC. “Accordingly, the DPC’s decision represents the collective views of both the DPC and its counterpart supervisory authorities throughout the EU.”

A Meta spokesperson told IT Pro: “This fine is about record-keeping practices from 2018 that we have since updated, not a failure to protect people's information. We take our obligations under the GDPR seriously, and will carefully consider this decision as our processes continue to evolve.”

Related Resource

Solving big data challenges with Multi-Cloud Data Services for Dell EMC PowerScale

Achieve cost-effective performance at scale and leverage multiple public clouds at the same

Whitepaper cover with text and yellow gradient shading at topFree Download

To put the €17 million fine into perspective, Facebook’s main Irish subsidiary paid an additional €35 million to settle outstanding tax matters in 2020, and the company put over €1 billion aside to cover potential fines from regulatory investigations, according to the Irish Times. Its corporate tax liability rose to €266.3 million from €173.2 million. Its revenue jumped by €6.3 billion to €40.6 billion at Facebook Ireland in 2020, while pre-tax profits rose to €890 million compared to €482 million the previous year.

The amount the company set aside for potential administrative fines from investigations conducted by data protection authorities more than tripled from €302.3 million to €1.02 billion. The company predicted that regulatory matters would be resolved within the next two years.

Featured Resources

Accelerating healthcare transformation through patient-centred medtech solutions

Seize the digital transformation opportunities to streamline patient care and optimise patient outcomes

Free Download

Big payoffs from big bets in AI-powered automation

Automation disruptors realise 1.5 x higher revenue growth

Free Download

Hyperscaler cloud service providers top ten

Why it's important for companies to consider hyperscaler cloud service providers, and why they matter

Free Download

Strategic app modernisation drives digital transformation

Address business needs both now and in the future

Free Download

Recommended

"Unacceptable" data scraping lands Meta a £228m data protection fine
Policy & legislation

"Unacceptable" data scraping lands Meta a £228m data protection fine

29 Nov 2022
Meta cuts 11,000 staff, citing wrong call on investment
Careers & training

Meta cuts 11,000 staff, citing wrong call on investment

10 Nov 2022
Meta's earnings are 'cause for concern' and 2023 looks even bleaker
Business strategy

Meta's earnings are 'cause for concern' and 2023 looks even bleaker

27 Oct 2022
Meta ordered to sell Giphy in CMA ruling
mergers and acquisitions

Meta ordered to sell Giphy in CMA ruling

18 Oct 2022

Most Popular

Empowering employees to truly work anywhere
Sponsored

Empowering employees to truly work anywhere

22 Nov 2022
Salesforce co-CEO Bret Taylor resigns with cryptic parting message
Business operations

Salesforce co-CEO Bret Taylor resigns with cryptic parting message

1 Dec 2022
Netherlands urges citizens to prepare survival kits in case hackers target critical infrastructure
cyber attacks

Netherlands urges citizens to prepare survival kits in case hackers target critical infrastructure

2 Dec 2022