Ireland’s Data Protection Commision (DPC) has issued a fine of €17 million to Meta Platforms Ireland after the company broke EU data privacy rules.

The decision followed an investigation by the regulator into 12 data breach notifications it received in the six-month period between 7 June 2018 and 4 December 2018.

The inquiry explored the extent to which Meta complied with GDPR rules in relation to the processing of personal data relevant to the breaches.

The DPC found that the tech company had “failed to have in place appropriate technical and organisational measures which would enable it to readily demonstrate the security measures that it implemented in practice to protect EU users’ data, in the context of the twelve personal data breaches”.

While objections to the DPC’s draft decision were raised by two of the European supervisory authorities, consensus was achieved through further engagement between the DPC and the supervisory authorities concerned.

“This fine is about record keeping practices from 2018 that we have since updated, not a failure to protect people's information," said a Meta spokesperson. "We take our obligations under the GDPR seriously, and will carefully consider this decision as our processes continue to evolve.”

Share Story: