We need your help now

Support from readers like you keeps The Journal open.

You are visiting us because we have something you value. Independent, unbiased news that tells the truth. Advertising revenue goes some way to support our mission, but this year it has not been enough.

If you've seen value in our reporting, please contribute what you can, so we can continue to produce accurate and meaningful journalism. For everyone who needs it.

Alamy Stock Photo

Data watchdog fines Meta €265 million over GDPR breaches

An inquiry by the DPC that was ongoing since April 2021 found infringements of two GDPR articles.

LAST UPDATE | 28 Nov 2022

THE DATA PROTECTION Commission has fined Meta, the company that owns Facebook, €265 million over data regulation breaches.

An inquiry by the DPC found infringements of two GDPR articles linked to the requirement for “data protection by design and default”.

The fine is officially imposed on Meta Platforms Ireland Limited (MPIL).

The DPC’s inquiry began in April 2021 after media reports on the discovery of a collated dataset of Facebook personal data that had been made available on the internet.

It examined Facebook Search, Facebook Messenger Contact Importer and Instagram Contact Importer tools between 25 May 2018 and September 2019 in relation to data processing carried out by MPIL.

“The material issues in this inquiry concerned questions of compliance with the GDPR obligation for Data Protection by Design and Default,” the DPC said.

“The DPC examined the implementation of technical and organisational measures pursuant to Article 25 GDPR (which deals with this concept).

“There was a comprehensive inquiry process, including cooperation with all of the other data protection supervisory authorities within the EU. Those supervisory authorities agreed with the decision of the DPC.”

At the time of the data breach, Facebook said that data had been “scraped” and not hacked.

Scraping refers to automated software taking public information from the internet.

The DPC has also ordered MPIL to bring make its data processing practices compliant with GDPR by taking a range of specific remedial actions within a set timeframe.

Meta stated that it had cooperated fully with the DPC and had made changes, as well as  reviewing the decision carefully.

Earlier this year, the DPC imposed a €17 million fine on Meta following an inquiry into 12 data breach notifications between June and December 2018.

In September, it fined Instagram €405 million for breaching the privacy rights of children.

Your Voice
Readers Comments
This is YOUR comments community. Stay civil, stay constructive, stay on topic. Please familiarise yourself with our comments policy here before taking part.
Leave a Comment
    Submit a report
    Please help us understand how this comment violates our community guidelines.
    Thank you for the feedback
    Your feedback has been sent to our team for review.

    Leave a commentcancel