Meta received a €265 million fine from the Irish Data Protection Commission. According to the regulator, the tech giant took insufficient measures to prevent a data breach between 2018 and 2019. The personal data of more than 500 million Facebook users ended up on the street.

The data was published on a public forum in 2021. The breach included the phone numbers, names, home addresses and birthdays of more than 500 million Facebook users. At the time, Meta said that the breach was caused by a vulnerability resolved in 2019.

In April 2021, The Irish Data Protection Commission launched an investigation into the incident. The regulator is responsible for enforcing the GDPR in Ireland. Meta’s European headquarters are located in Dublin.

The results of the investigation were recently disclosed. According to the regulator, Meta should have done more to prevent the breach. The organization was found guilty of violating Article 25.1 and Article 25.2 of the GDPR. Meta received a €265 million fine as a result.

Violations

Article 25.1 requires companies to take reasonable measures to protect processed personal data. Article 25.2 requires companies to only process personal data for the purpose defined in advance.

Meta’s internal systems and processes were examined. Based on the investigation, the Irish regulator concluded that the organization violated both articles between May 2018 and September 2019.

Most European member states have a national data protection authority. Penalties for GDPR violations are consulted by all European data protection authorities. Every regulator approved Meta’s most recent fine.

Mega fines

Meta received nearly €1 billion in fines from the Irish Data Protection Commission over the past two years. High sums are common in the European Union. In January 2022, the French regulator fined Google and Facebook €210 million for illegal cookie banners.

Tip: Irish watchdog moves to convict Yahoo of illegal cookie tracking