The Irish Data Protection Commission (DPC) has imposed a fine of €17m on Meta Platforms Ireland Limited (formerly Facebook Ireland Limited). Its inquiry related to a series of twelve data breach notifications it received in the six month period between 7 June 2018 and 4 December 2018, for violations of the requirements of GDPR Articles 5(1)(f), 5(2), 24(1) and 32(1) in relation to the processing of personal data relevant to the twelve breach notifications. As a result of its inquiry, the DPC found that Meta Platforms infringed Articles 5(2) and 24(1) GDPR. The DPC found that Meta Platforms failed to have in place appropriate technical and organisational measures which would enable it to readily demonstrate the security measures that it implemented in practice to protect EU users’ data.
Worth noting, the DPC’s decision was subject to the co-decision-making process outlined in Article 60 GDPR (one-stop shop enforcement mechanism) and all of the other European supervisory authorities were engaged as co-decision-makers. Continue reading on the DPC website here.