The EU imposes a €265 million fine on Meta (formerly Facebook) for not protecting its users’ data adequately. The case began in 2021, when the Irish regulator announced that it was opening an investigation into Facebook. This investigation follows the discovery of a data breach affecting over 530 million social media users in 2019.
It was the DPC, the Irish Data Protection Commission, that investigated on behalf of the European Union and made this statement. This Irish organization, similar to the French CNIL, conducted the investigation because the company's European headquarters is located in Ireland.
The investigation focused on the Facebook Search, Facebook Messenger Contact Importer and Instagram Contact Importer (…) apps between May 25, 2018 and September 2019. The purpose of the investigation was to find out if Meta had adequately protected its users’ data in relation to European regulations.
Strengthening restrictions and fines
The question arose whether Facebook was required to report this data breach to the data protection regulator, and whether the social network should have warned the users affected by it. These are two obligations under the GDPR governing this type of data breach.
First of all, the entry into force of the General Data Protection Regulation (GDPR) in 2018 tightened control over the use and management of personal data by digital players and significantly increased the amount of fines. The regulation provides that regulators can impose a fine of up to 4% of the global turnover of these groups in case of non-compliance. In recent years, GAFA have not been spared these heavy fines.
“Protecting people’s privacy is critical to the operation of our business,” a Meta spokesperson said. “That is why we have fully cooperated with the Data Protection Commission on this important issue. We have made changes to our systems,” Facebook said in a statement.