
Source: Computer Weekly
The Data Protection Commission (DPC) of Ireland fined Facebook-parent Meta €17 million (~$18.6 million) over 12 data breaches. The commission said that the tech giant violated a number of articles of the General Data Protection Regulation (GDPR) of the European Union. Reportedly, it failed to have in place “appropriate technical and organisational measures” that would allow it to readily demonstrate the security measures that it “implemented in practice to protect EU users’ data.” The DPC received the breach notifications between June 7 and December 4, 2018.
The European Union’s GDPR came into force in May 2018 and places a legal obligation on data controllers to promptly disclose data breaches. In a press release, the DPC said its inquiry examined the extent to which Meta “complied with the requirements of GDPR Articles 5(1)(f), 5(2), 24(1) and 32(1) in relation to the processing of personal data relevant to the twelve breach notifications.”
The penalty announcement is the first final decision to come out of Ireland in an investigation against Facebook since the regulation began to apply about four years ago. However, the regulator did issue another prominent sanction against Meta’s WhatsApp in 2021 over a violation of transparency rules. The DPC imposed a large penalty of $267 million on Meta for this breach.
DPC’s stance on the situation:
The commission stated that its draft decision in this Meta inquiry was subject to objections from other EU data protection authorities. The same thing happened previously in the case of a breach by Twitter. It specified that two other authorities raised objections to this inquiry into Facebook. However, Ireland did not confirm whether the fine was affected by these objections, or which authorities objected.
Notably, the fine is comparatively minor, far from the theoretical maximum of 4% of Meta's global annual turnover. On the other hand, the commission handed Twitter an even smaller fine of $550,000. That penalty was similarly over an administrative failure concerning a security breach notification. The fine would hardly affect Meta, given the revenue of $32.6 billion that it collected in the last quarter alone.
Though there are possible differences as to where the problem lay in each situation, one pattern is clear in the assessments conducted by the EU authorities. Security breaches that they assess as unintentional would possibly attract lower fines than systemic or flagrant violations of specified rules. It also indicates that a whole string of lapses ended up netting Facebook a larger penalty than Twitter, which had reported only a single breach.
“This fine is about record keeping practices from 2018 that we have since updated, not a failure to protect people’s information,” a Meta spokesperson told Engadget. “We take our obligations under the GDPR seriously, and will carefully consider this decision as our processes continue to evolve.”