Irish data regulator imposes $18 million fine on Facebook for privacy law violations
Ireland’s Data Protection Commission (DPC), which is responsible for upholding the fundamental rights of individuals in the European Union, has imposed a 17 million euro (approximately $18.7 million) fine on Facebook for failing to comply with EU privacy laws.
The decision comes in the wake of complaints received by the regulator over 12 data breach notifications between 7 June and 4 December in 2018.
In a statement, the DPC said that it has discerned that Meta Platforms (the parent company of Facebook) failed to have appropriate technical and organisational measures in place which would enable it to readily demonstrate the ‘security measures’ that it implemented in practice to protect EU users’ data.
Reacting to the action, Facebook in a statement claimed that the chargeable fine pertains to record-keeping practices from 2018 and not a failure to protect people’s information. “We take our obligations under the GDPR (General Data Protection Regulation) seriously, and will carefully consider this decision as our processes continue to evolve.”
DPC clarified that since the processing under examination constituted “cross-border” processing, its decision was subject to the co-decision-making process outlined in ‘Article 60 GDPR’ and all of the other European supervisory authorities were engaged as co-decision-makers. As a result, the Irish watchdog’s decision represents the collective views of both the DPC and its counterpart supervisory authorities throughout the EU.
In January this year, French tech regulator Commission Nationale de I’informatique et Des Libertes (CNIL) had also imposed a $235 million fine jointly on Facebook and Google for cookie tracking in France. As per a report, the regulator had fined Google 150 million euros and Facebook 60 million euros.