The Irish data regulator has fined Meta/Facebook approximately $18M for twelve data breach violations reported within a six-month period in 2018, the year the GDPR took effect. The fines relate to a finding that Facebook failed to maintain "appropriate" security measures in respect of personal data being processed.
These fines relate to transfer of information out of the EU, which has been under deep scrutiny by EU regulators for the last two years and has necessitated increasingly complex negotiations between EU and US companies.
Why It Matters
Data regulators are aggressively pursuing GDPR violations against American companies at the moment, and much of their focus seems to be on cross-border transfer. We urge all American companies with cloud services, social media presence, and use of analytics or adtech to examine their settings and ensure that their implementation of such items as the Facebook pixel, AWS, or Google Analytics comply with privacy laws including the data transfer and data security requirements of the GDPR.