Today the Irish Data Protection Commission (DPC) announced that it has fined the Irish subsidiary of Facebook’s parent company Meta €265 million. The reason is a data leak on Facebook in 2021. At that time, the phone numbers, locations and dates of birth of 533 million people who were Facebook users from 2018 to 2019 were disclosed.
Facebook office in Seattle
The DPC began its investigation into the matter on April 14, 2021. They initially followed media reports of the discovery of this data set made available on the internet. The request concerned questions about compliance with the EU GDPR obligation “Data Protection by Design and Default”, which Meta had not complied with.
The DPC’s decision was adopted last Friday and published today. It records violations of two articles of the GDPR regulations by Meta. Aside from the aforementioned fine, the DPC issued an order requiring Meta to bring its data processing “into compliance by taking a range of specified remedial actions within a particular timeframe” the DPC notes.
The comprehensive inquiry process involved working with all other data protection supervisory authorities within the EU. All of whom agreed with the DPC’s decision.