PANews reported on December 18 that according to the announcement of the Irish Data Protection Commission (DPC), the DPC made a final decision and imposed a fine of 251 million euros on Meta Platforms Ireland Limited (MPIL) for the data breach reported in 2018. The data breach affected about 29 million Facebook accounts worldwide, of which about 3 million were from the EU/EEA. The leaked data included name, email, phone number, location, work unit, birthday, religious belief, gender, etc.
According to the DPC’s investigation, Meta violated the General Data Protection Regulation (GDPR) in the following ways:
• Failure to adequately comply with the obligation to notify a data breach (Article 33(3), Article 33(5)) and was fined €11 million;
• Failure to ensure the principle of data protection in the design of data processing systems (Article 25(1), Article 25(2)) was fined €240 million.
Graham Doyle, deputy commissioner of the DPC, said: "This enforcement highlights that failure to implement data protection requirements during the design and development cycle can lead to serious risks and harms, especially the leakage of user privacy data may pose a serious threat to fundamental rights and freedoms. The full decision and related information will be published later.
