The Irish Data Protection Commission (DPC) announced today that it has imposed a €265 million fine on Meta’s Irish subsidiary. The reason is Facebook’s 2021 data breach that exposed the phone numbers, locations and dates of birth of 533 million people who were Facebook users from 2018 to 2019.
DPC launched its investigation into this matter on April 14, 2021, following media reports about the discovery of this dataset, which was available online. The inquiry relates to matters of compliance with the EU’s General Data Protection Regulation (GDPR) obligation on “data protection by design and default”, which Meta has been found guilty of failing to comply with.
The DPC Resolution was adopted last Friday and published today. Records a meta violation of two GDPR regulations. Aside from the aforementioned fine, an order has been issued requiring Meta to make its data processing “compliant by taking a set of specified corrective actions within a given time frame,” DPC notes.
The comprehensive inquiry process involved cooperation with all other data protection supervisory authorities within the EU, all of which agreed with the DPC’s decision.