Ireland's Data Protection Commission has fined Meta €17 million ($18.6 million) over 12 data breaches. It said the company violated several articles of the European Union's General Data Protection Regulation (GDPR) by failing "to have in place appropriate technical and organizational measures which would enable it to readily demonstrate the security measures that it implemented in practice to protect EU users' data."
The DPC received the data breach notifications from Meta between June and December 2018. Before announcing the fine, it consulted with other European authorities under GDPR guidelines, as the investigation was related to “cross-border” processing.
“This fine is about record keeping practices from 2018 that we have since updated, not a failure to protect people's information," a Meta spokesperson told Engadget. "We take our obligations under the GDPR seriously, and will carefully consider this decision as our processes continue to evolve.”
The fine is a drop in the ocean for Meta, which raked in $32.6 billion in ad revenue last quarter alone. The penalty pales in comparison with a $267 million fine the DPC imposed last year after it determined Meta app WhatsApp failed to comply with GDPR transparency rules. The regulator has investigated Meta over other data-related issues.