Meta Fined Rp266 Billion By Ireland, More Than Twitter, For 2018 Case
JAKARTA - The Irish Data Protection Commission (DPC) fined Meta Platforms Inc.'s subsidiary, Facebook, US$18.6 million for a series of personal data breaches that occurred nearly four years ago.
The Rp266 billion fine follows a DPC investigation into security issues that affected up to 30 million Facebook users in 2018.
At that time, the DPC received no fewer than 12 data breach notifications from the tech giant in the six-month period between 7 June 2018 and 4 December 2018.
The European Union's General Data Protection Regulation (GDPR), which came into effect in May 2018, places a legal requirement on data controllers to quickly disclose personal data breaches to supervisory authorities if the information leakage is likely to pose a risk to users.
"The investigation examined the extent to which Meta Platforms complies with the requirements of Articles 5(1)(f), 5(2), 24(1) and 32(1) with respect to the processing of personal data relevant to the twelve infringement notices. official.
As a result of its investigation, the DPC found that Meta violated Articles 5(2) and 24(1) of the GDPR. The DPC found that Meta failed to have proper technical and organizational measures in place to protect EU user data, in the context of the 12 personal data breaches.
In response, a Meta spokesperson sought to play down the episode as simply a case of historically weak record keeping.
"This fine is about the record-keeping practices from 2018 that we have updated, not a failure to protect people's information. We take our obligations under the GDPR seriously, and will consider this decision carefully as our process continues to evolve," a Meta spokesperson said.
According to him, the penalty announced by the DPC is Ireland's first final decision on a GDPR investigation against Facebook itself since the regulation came into effect almost four years ago, although regulators issued a separate (larger) sanction against Facebook's WhatsApp last year for breaches of transparency rules.
The DPC confirmed that its draft decision on this Facebook investigation had faced several objections from other EU data protection authorities, as was also the case in previous investigations into Twitter security breaches, as well as in the transparency decision on WhatsApp.
Unfortunately, the DPC did not specify whether the fine was increased as a result of the objections, or which authorities objected. The fine imposed by the DPC is relatively small, far below the maximum of 4 percent of Meta's global annual turnover, which would be more than one billion dollars.
However, the DPC imposed a smaller fine of just $550,000 on Twitter at the end of 2020 for administrative failures surrounding security breach notifications.
While it is likely that something could go wrong in each case, it is quite clear that security breaches judged by EU authorities to be unintentional are likely to attract lesser penalties than systemic or flagrant breaches of the rules.
It also follows that the entire chain of misconduct has netted Facebook a bigger penalty than Twitter, which only reported one violation instead of a full dozen.