According to PANews, the Irish Data Protection Commission (DPC) has imposed a €251 million fine on Meta Platforms Ireland Limited (MPIL) for a data breach reported in 2018. This breach affected approximately 29 million Facebook accounts worldwide, including around 3 million accounts from the EU/European Economic Area. The compromised data included names, emails, phone numbers, locations, workplaces, birthdays, religious beliefs, and genders.
The DPC's investigation concluded that Meta violated the General Data Protection Regulation (GDPR) in several areas. Specifically, Meta failed to adequately fulfill its data breach notification obligations under Article 33(3) and Article 33(5), resulting in an €11 million fine. Additionally, Meta did not ensure that its data processing systems were designed with data protection principles in mind, as required by Article 25(1) and Article 25(2), leading to a €240 million fine.
DPC Deputy Commissioner Graham Doyle emphasized that this enforcement action highlights the significant risks and damages that can arise when data protection requirements are not integrated into the design and development cycle. The exposure of users' private data poses a serious threat to fundamental rights and freedoms. The full decision and related information will be released subsequently.