(Bloomberg) -- Meta Platforms Inc. was fined 17 million euros ($19 million) for violating the European Union’s privacy rules by failing to prevent a series of data breaches on its Facebook platform in 2018.
The Irish Data Protection Commission, the lead EU privacy watchdog for Meta, said it found that Facebook “failed to have in place appropriate technical and organizational measures.”
Facebook in 2018 became the first big test case for the EU’s General Data Protection Regulation when the Irish watchdog announced an investigation into a breach that affected as many as 50 million accounts. Tuesday’s probe was started in December that year, looking into 12 breach notifications by Facebook, including ones caused by a software bug that gave outside developers access to the photos of millions of users.
The EU’s data protection law for the first time empowered the bloc’s privacy regulators to levy penalties of as much as 4% of a company’s annual revenue for the most serious violations. But tensions have been building over the amount of time Ireland’s authority is taking to complete probes of the likes of Meta and Apple Inc.
“This fine is about record keeping practices from 2018 that we have since updated, not a failure to protect people’s information,” Meta said in an emailed statement.
The two biggest fines under GDPR so far included a 225 million-euro penalty for WhatsApp by the Irish authority last year, and a record 746 million-euro fine for Amazon.com Inc. by its lead privacy watchdog in Luxembourg.
©2022 Bloomberg L.P.