Meta Platforms Inc. was fined 17 million euros ($19 million) for violating the EU’s privacy rules by failing to prevent a series of data breaches on its Facebook platform in 2018.
The Irish Data Protection Commission said it found that Facebook “failed to have in place appropriate technical and organisational measures”.
Facebook in 2018 became the first big test case for the EU’s General Data Protection Regulation when the Irish watchdog announced an investigation into a breach that affected as many as 50 million accounts. Tuesday’s probe was started in December that year, looking into 12 breach notifications by Facebook, including ones caused by a software bug that gave outside developers access to the photos of millions of users.
The EU’s data protection law for the first time empowered the bloc’s privacy regulators to levy penalties of as much as 4 per cent of a company’s annual revenue for the most serious violations. But tensions have been building over the amount of time Ireland’s authority is taking to complete probes of the likes of Meta and Apple Inc.
The two biggest fines under GDPR so far included a 225 million-euro penalty for WhatsApp by the Irish authority last year, and a record 746 million-euro fine for Amazon.com Inc. by its lead privacy watchdog in Luxembourg.