
Facebook Fined €17M For Data Breaches under GDPR

The Irish data regulator has fined Meta/Facebook approximately $18M for twelve data breach violations reported within a six-month period in 2018, the year the GDPR took effect. The fines relate to a finding that Facebook failed to maintain "appropriate" security measures in respect of personal data being processed.  

These fines relate to transfer of information out of the EU, which has been under deep scrutiny by EU regulators for the last two years and has necessitated increasingly complex negotiations between EU and US companies.  

Why It Matters

Data regulators are aggressively pursuing GDPR violations against American companies at the moment, and much of their focus seems to be on cross-border transfer. We urge all American companies with cloud services, social media presence, and use of analytics or adtech to examine their settings and ensure that their implementations of such items as the Facebook pixel, AWS, or Google Analytics comply with privacy laws, including the data transfer and data security requirements of the GDPR.

The DPC found that Meta Platforms failed to have in place appropriate technical and organisational measures which would enable it to readily demonstrate the security measures that it implemented in practice to protect EU users’ data, in the context of the twelve personal data breaches. Given that the processing under examination constituted “cross-border” processing, the DPC’s decision was subject to the co-decision-making process outlined in Article 60 GDPR and all of the other European supervisory authorities were engaged as co-decision-makers.


insights, hill_mitzi, data security and privacy