Irish Watchdog fines Meta EUR 17 million for data breach

Following an investigation into 12 data breaches, the social media behemoth that owns WhatsApp, Instagram, and Facebook was fined.

Ireland fined Facebook parent company, Meta, on Tuesday for violating EU data privacy laws, the latest European action against the business practises of US tech titans.

Following an investigation into 12 data breaches, the Data Protection Commission fined the social media giant, which owns WhatsApp, Instagram, and Facebook, a total of EUR 17 million (roughly Rs. 142 crores) (DPC).

Ireland, an EU member that houses the regional headquarters of a number of leading technology companies such as Apple, Google, and Twitter, has played a role in policing the bloc’s stringent General Data Protection Regulations (GDPR).

Meta’s was found to have “failed to have in place appropriate technical and organisational measures” in the context of the 12 personal data breaches, according to the Irish data watchdog.

The DPC received the data breach notifications between June 7, 2018 and December 4, 2018, according to the report.

“This fine is for record-keeping practises from 2018, which we have since updated, not for failing to protect people’s information,” a Meta spokesperson told AFP.

“We take our GDPR obligations seriously and will carefully consider this decision as our processes evolve.”

Two European supervisory authorities involved in the GDPR decision-making process raised concerns about the initial DPC decision, but the Irish commission stated that “consensus was achieved through further engagement between the DPC and the supervisory authorities.”

Following pressure from other European regulators to increase an initial penalty, Ireland slapped WhatsApp with a record EUR 225 million (roughly Rs. 1,885 crores) fine in September last year.

The DPC proposed imposing a fine of between EUR 30 and 50 million (roughly Rs. 251 crore and Rs. 418 crores) in a draught finding submitted to other European regulators for approval, but a number of national regulators rejected the figure, triggering the launch of a dispute resolution process.

The GDPR, which went into effect in 2018, has been viewed as a powerful tool for EU members to use to rein in the excesses of big tech companies, providing national watchdogs with cross-border powers and the ability to levy large fines for data misuse.