LAST UPDATE | 28 Nov 2022
THE DATA PROTECTION Commission has fined Meta, the company that owns Facebook, €265 million over data regulation breaches.
An inquiry by the DPC found infringements of two GDPR articles linked to the requirement for “data protection by design and default”.
The fine is officially imposed on Meta Platforms Ireland Limited (MPIL).
The DPC’s inquiry began in April 2021 after media reports on the discovery of a collated dataset of Facebook personal data that had been made available on the internet.
It examined Facebook Search, Facebook Messenger Contact Importer and Instagram Contact Importer tools between 25 May 2018 and September 2019 in relation to data processing carried out by MPIL.
“The material issues in this inquiry concerned questions of compliance with the GDPR obligation for Data Protection by Design and Default,” the DPC said.
“The DPC examined the implementation of technical and organisational measures pursuant to Article 25 GDPR (which deals with this concept).
“There was a comprehensive inquiry process, including cooperation with all of the other data protection supervisory authorities within the EU. Those supervisory authorities agreed with the decision of the DPC.”
At the time of the data breach, Facebook said that data had been “scraped” and not hacked.
Scraping refers to automated software taking public information from the internet.
The DPC has also ordered MPIL to bring make its data processing practices compliant with GDPR by taking a range of specific remedial actions within a set timeframe.
Meta stated that it had cooperated fully with the DPC and had made changes, as well as reviewing the decision carefully.
Earlier this year, the DPC imposed a €17 million fine on Meta following an inquiry into 12 data breach notifications between June and December 2018.
In September, it fined Instagram €405 million for breaching the privacy rights of children.
To embed this post, copy the code below on your site
have your say