The Data Protection Commission (DPC) of Ireland has imposed a fine of €251 million (approximately $264 million or Rs. 2,242 crore) on Meta Platforms’ Irish subsidiary following two investigations into a significant personal data breach affecting approximately 29 million users globally.
Meta Platforms Ireland Limited reported the data breach in September 2018. The compromised information included users’ full names, email addresses, phone numbers, and content from their timelines and groups, according to a statement released by the watchdog on Tuesday. Of the users affected, around three million were located within the European Union and European Economic Area.
The breach was attributed to unauthorized third parties exploiting user tokens on Facebook. Meta Platforms Ireland Limited, along with its parent company in the United States, addressed the issue soon after it was detected.
The DPC concluded that Meta had violated General Data Protection Regulation (GDPR) provisions by not adequately documenting the incidents and the measures taken to address them. Furthermore, the commission highlighted that the company failed to comply with its obligations regarding the processing of personal data necessary for specific purposes.
In a statement, a Meta spokesperson emphasized that the company acted swiftly to rectify the situation upon identification of the issue and proactively informed those affected as well as the DPC. “We have a wide range of industry-leading measures in place to protect people across our platforms,” the spokesperson added.
This recent fine comes on the heels of another penalty issued to Meta earlier this year, amounting to €91 million ($95.6 million or Rs. 812 crore) due to an investigation into its password storage practices.
Additionally, Meta had previously faced a record €1.2 billion ($1.3 billion or Rs. 11,040 crore) fine from the DPC last year for allegedly transferring user data to the United States. These penalties form part of a larger EU initiative aimed at regulating major technology firms, with the Irish DPC serving as a key authority for numerous prominent tech companies operating within the region.
The DPC plans to release the complete decision and related details in due course, while Meta has indicated that it intends to appeal the commission’s findings.
© 2024 Bloomberg LP
(This story has not been edited by NDTV staff and is auto-generated from a syndicated feed.)
