Ireland’s Data Protection Commission has hit Meta (formerly known as Facebook) with a fine worth $18.6 million for a series of data breach notifications in the European Union (EU).
The commission said Meta failed to have appropriate technical and organizational safeguards in place to protect its users’ data. That left users vulnerable in 12 breaches over a six-month period during 2018.
When the breaches were first revealed, the commission’s investigation revealed that as many as 50 million Facebook accounts were impacted, some allowing hackers access to Facebook users’ photos.
Meta calls the fine unfair
Facebook should be relieved that the fine wasn't any larger. Under the EU’s data protection law, member blocs like Ireland can levy penalties as high as 4% of a company’s annual revenue for the most egregious violations. In Meta's case, that would have equated to a fine of more than $4 billion.
Last year, Ireland fined another Meta product – WhatsApp – $246 million. Amazon was also slapped with a record $746 million by the country of Luxembourg’s privacy custodian.
Nonetheless, Meta still contends that the fine is unfair because it took the commission nearly four years to make its decision. Company officials say they were still making adjustments to privacy settings at that time.
“This fine is about record-keeping practices from 2018 that we have since updated, not a failure to protect people’s information,” Meta told Bloomberg News.