The Irish Data Protection Commission (DPC) announced today that it has imposed a €265 million fine on Meta’s Irish subsidiary. The reason is a 2021 data breach on Facebook that exposed the phone numbers, locations and birthdates of 533 million people who were Facebook users from 2018 to 2019.
The DPC launched an investigation into the matter on 14 April 2021, following media reports of the discovery of this dataset, which had been made available on the internet. The investigation concerned issues relating to compliance with the EU’s GDPR obligation for “data protection by design and by default”, which Meta was found guilty of not complying with.
The DPC’s decision was adopted last Friday and made public today. Records the violation of two articles of the GDPR regulation by Meta. In addition to the aforementioned sanction, a provision has also been issued which requires Meta to adapt its data processing “through the adoption of a series of corrective actions specified within a certain period”, notes the DPC.
The extensive investigation process involved cooperation with all other data protection supervisory authorities within the EU, who agreed with the DPC’s decision.
Start a new Thread