The Irish Data Protection Commission (DPC) on Tuesday slapped Facebook and WhatsApp owner Meta Platforms a fine of EUR17 million (~$18. 6 million) for a series of security lapses that occurred in violation of the European Union’s GDPR laws in the region.
“The DPC found that Meta Platforms failed to have in place appropriate technical and organizational measures which would enable it to readily demonstrate the security measures that it implemented in practice to protect EU users’ data, in the context of the twelve personal data breaches,” the watchdog said in a press release.
The decision follows the regulator’s investigation into 12 data breach notifications it received over the course of a six-month period between June 7 and December 4, 2018.
“This fine is about record keeping practices from 2018 that we have since updated, not a failure to protect people’s information,” Meta said in a statement shared with the Associated Press. We take the GDPR’s obligations seriously and we will be carefully considering this decision in light of our evolving processes. “
The development follows a similar penalty the DPC imposed on WhatsApp, fining the messaging service EUR225 million in September 2021 for failing to meet its GDPR transparency obligations. Following the ruling, WhatsApp tweaked its privacy policy with regards to how it handles European users’ data and shares that information with its parent, Meta.
Around the same time, the Luxembourg National Commission for Data Protection (CNPD) also hit Amazon with an $886. 6 million fine in July 2021 for non-compliance with data-processing laws. France also fined Meta and Google earlier in the year for their violations of E.U. privacy rules by failing to provide users with an easy option to reject cookie tracking technology.
