According to the regulator’s press release, Facebook had notified it of 12 data breaches in the six months between 7 June 2018 and 4 December 2018, when the company hadn’t changed its name to Meta. The DPC expectedly launched an investigation to determine whether the social media biggie complied with the requirements of Europe’s General Data Protection Regulation (GDPR), which came into application in May 2018. The investigation found that Meta violated two articles of GDPR — Article 5(2) and Article 24(1). These articles concern the processing of personal data. The DPC said the company didn’t have “appropriate technical and organizational measures” in place for it to “readily demonstrate the security measures that it implemented in practice to protect EU users’ data.” Since the investigation constituted “cross-border processing,” the DPC consulted with other European supervisory authorities under GDPR guidelines before reaching the decision. While two supervisory authorities initially objected to the draft decision, they reached an agreement through further engagement. As such, the DPC’s decision to fine Meta €17 million for those security lapses “represents the collective views of both the DPC and its counterpart supervisory authorities throughout the EU.” Of course, Meta doesn’t agree to any wrongdoing here. “This fine is about record keeping practices from 2018 that we have since updated, not a failure to protect people’s information,” a company spokesperson told Engadget. “We take our obligations under the GDPR seriously, and will carefully consider this decision as our processes continue to evolve.”
Meta faces another multi-million fine
Meta, aka Facebook, is not new to such multi-million fines. Last month, the company agreed to pay a $90 million fine to settle a 2012 lawsuit. It alleged the social media giant of tracking users even after they logged out of their accounts. Meta was also ordered to delete the data it unlawfully collected. Before that, in September 2021, Meta was fined €225 million (~$248 million) by the DPC. It concerned the company’s handling of the personal data of WhatsApp users. Now, the DPC has slapped Meta with another fine. But the amount is a lot lesser this time around. Violating GDPR rules could attract fines of up to 4 percent of a company’s annual revenue. Meta made $32.6 billion in ad revenues in Q4 2021 alone. So an $18 million fine is a drop in the ocean for it.