Ireland Data Protection Commission fines Meta €251 million

PANews reported on December 18 that according to an announcement from the Irish Data Protection Commission (DPC), the DPC made a final decision and imposed a fine of 251 million euros in response to the data breach reported by Meta Platforms Ireland Limited (MPIL) in 2018. This data leak affected approximately 29 million Facebook accounts around the world, of which approximately 3 million accounts were from the EU/EEA. The leaked data included name, email, phone number, location, workplace, birthday, religious affiliation, gender, etc.

According to the DPC’s investigation, Meta breached the General Data Protection Regulation (GDPR) in the following ways:

• Failed to fully perform data breach notification obligations (Article 33, paragraph 3, Article 33, paragraph 5) and was fined 11 million euros;

• Failed to ensure the principle of data protection in the design of data processing systems (Article 25(1), Article 25(2)) and was fined 240 million euros.

DPC Deputy Commissioner Graham Doyle said that this enforcement highlights the serious risks and harms caused by failure to implement data protection requirements in the design and development cycle, especially the leakage of user privacy data that may pose a serious threat to fundamental rights and freedoms. A full decision and related information will be released at a later date.