PogoWasRight.org


Irish data privacy watchdog fines Meta €251 million for GDPR failure

Posted on December 17, 2024 by Dissent

Ireland’s Data Protection Commission slapped Meta with a €251 million fine for failure to comply with the GDPR.

Euractiv reports:

The fine was issued for a security breach on social media Facebook which started in July 2017, and affected close to three million accounts in the European Economic Area.

“This enforcement action highlights how the failure to build in data protection requirements […] can expose individuals to […] risk to the fundamental rights and freedoms of individuals,” said the Irish DPC deputy commissioner Graham Doyle.

The breach was a bug in Facebook’s design which allowed unauthorised people using scripts to exploit a vulnerability on a Facebook code, allowing them to view profiles of users they should not have been able to see otherwise.

Meta is expected to appeal the decision. “We took immediate action to fix the problem,” said a Meta spokesperson in an email.

Meta discovered the security issue in September 2018, fixed the vulnerability and informed law enforcement authorities.

Read more at Euractiv. The specific infringements cited by the DPC were as follows:

The DPC’s final decisions noted the following infringements of the GDPR and the resulting fines for each:

  1. Decision 1
    1. Article 33(3) GDPR – By not including in its breach notification all the information required by that provision that it could and should have included. The DPC reprimanded MPIL for failures in regards to this provision and ordered it to pay administrative fines of €8 million.
    2. Article 33(5) GDPR – By failing to document the facts relating to each breach, the steps taken to remedy them, and to do so in a way that allows the Supervisory Authority to verify compliance. The DPC reprimanded MPIL for failures in regards to this provision and ordered it to pay administrative fines of €3 million.
  2. Decision 2
    1. Article 25(1) GDPR – By failing to ensure that data protection principles were protected in the design of processing systems. The DPC found that MPIL had infringed this provision, reprimanded MPIL, and ordered it to pay administrative fines of €130 million.
    2. Article 25(2) – By failing in their obligations as controllers to ensure that, by default, only personal data that are necessary for specific purposes are processed. The DPC found that MPIL had infringed these provisions, reprimanded MPIL, and ordered it to pay administrative fines of €110 million.
