The Irish Personal Data Protection Commission (DPC) has sanctioned Meta with a 17 million euro fine for the violation of the General Data Protection Regulation (GDPR). The facts date back to the hacker attacks of 2018 which involved 30 million Facebook users, of which about 3 million were European citizens. The DPC investigation is based in more detail on the 12 data breach reports sent to the Authority by the social network giant between 7 June 2018 and 4 December of the same year.
The Authority found the violation of articles 5 (2) and 24 (1) of the GPDR: Meta has not prepared technical measures And adequate organizational structures that would allow it to demonstrate that it has implemented in practice all the security interventions necessary to safeguard user data during the 12 violations mentioned above. Meta has already intervened specifying:
This fine relates to the 2018 record keeping practices that we have since updated, not the failure to protect user information. We take our obligations under the GDPR very seriously, we will carefully consider this decision as we continue to evolve our procedures.