The Data Protection Commission (DPC) of Ireland has imposed a fine of €251 million ($264 million or approximately Rs. 2,242 crore) on Meta Platforms’ Irish subsidiary following two investigations concerning a data breach that affected 29 million users globally.
The breach, which was disclosed by Meta Platforms Ireland Limited in September 2018, involved the exposure of various user data elements such as full names, email addresses, phone numbers, and posts shared on users’ timelines and within groups. The DPC indicated that about three million of the compromised accounts belonged to users within the European Union and the European Economic Area.
The incident occurred due to unauthorized third parties exploiting user tokens on Facebook. Meta reportedly addressed the breach promptly after it was identified, according to the DPC’s statement.
The commission concluded that Meta had violated General Data Protection Regulation (GDPR) provisions by not adequately documenting the facts pertaining to the breach and the remedial actions taken. Additionally, the DPC found that Meta failed to meet its responsibilities to ensure that only necessary personal data is processed by default.
A spokesperson for Meta remarked, “We took immediate action to fix the problem as soon as it was identified, and we proactively informed those affected as well as the Irish Data Protection Commission. We have implemented a broad array of industry-leading measures to safeguard users across our platforms.”
This penalty adds to an earlier fine of €91 million ($95.6 million or approximately Rs. 812 crore) that the DPC issued in September of this year, related to an inquiry into the company’s password storage practices.
Furthermore, these fines accumulate to a historic total of €1.2 billion ($1.3 billion or roughly Rs. 11,040 crore), which Meta was charged with last year by the same commission concerning allegations of transferring user data to the United States. Such fines are part of a larger initiative in the European Union aimed at regulating major technology companies, with the Irish watchdog being a key player, particularly as the lead privacy authority for many prominent tech firms based in Ireland.
The DPC plans to release the full decision and additional information in the near future. Meta has indicated its intentions to appeal the decisions.
© 2024 Bloomberg LP
(This story has not been edited by NDTV staff and is auto-generated from a syndicated feed.)
