- Meta has received a fine of 251 million euros under the GDPR
- Punishment follows 2018 Facebook data breach incident
- Ireland’s Data Protection Commission has yet to collect many of the fines
Meta has received another fine under the GDPR: the parent company of Facebook, Instagram and WhatsApp faces a fine of 251 million euros (around $263 million) following a data breach in 2018 that exposed around 29 million Facebook accounts worldwide, 3 million of which belonged to EU-based users.
Ireland’s Data Protection Commission (DPC) has been one of Europe’s leading regulatory bodies when it comes to holding tech companies accountable, imposing huge penalties for breaches of the GDPR, including the largest fine to date, a $1.3 billion charge, also against Meta, for data handling.
The most recent breaches concern the attack in which malicious actors used the “view as” feature, which typically allows users to see how their friends and family view their account, to steal access tokens and take over users’ accounts.
Millions of users affected
Of the users whose tokens were stolen, 15 million had their phone numbers and email addresses exposed, and another 14 million also had their usernames, gender, marital status, and location records accessed. One million lucky users did not have their data stolen.
Following the breach, the DPC found that Facebook breached the GDPR by failing to include sufficient information in its breach notification and failing to adequately document the facts of the incident. The DPC also found that the company failed to ensure that data protection principles were upheld and that Facebook had failed to fulfill its “obligation as a controller” to ensure that only necessary personal data was processed.
“This enforcement action highlights how failure to incorporate data protection requirements throughout the design and development cycle can expose people to very serious risks and harm, including a risk to people’s fundamental rights and freedoms,” said DPC Commissioner Graham Doyle.
This may seem like a hefty fine, and it is, but the reality of these GDPR fines is not exactly what it seems. So far, only 1% of these DPC fines have been collected, so there is a possibility that this fine will also get stuck in the appeals process indefinitely.