On Tuesday 17 December, the Irish Data Protection Commission (DPC) fined Facebook and Instagram’s parent company €251 million for a data protection breach that led to the hacking of numerous user accounts.
In September 2018, over a two-week period, data from 29 million Facebook users, including 3 million Europeans, leaked through a security flaw linked to its video upload function.
While Meta successfully remedied the security problem that caused the leak, it was exacerbated by breaches of several obligations under Articles 33 and 25 of the General Data Protection Regulation (GDPR), according to the DPC.
The fine imposed is divided into two parts: €11 million for the lack of documentation provided by Meta upon notifying the data leak, and €240 million for a lack of adequate protection in the design of processing systems and during the direct processing of personal data.
“This enforcement action highlights how the failure to build in data protection requirements throughout the design and development cycle can expose individuals to very serious risks and harms, including a risk to the fundamental rights and freedoms of individuals”, said DPC Assistant Commissioner Graham Doyle.
The company has indicated its intention to appeal the penalty, according to AFP. (Original version in French by Isalia Stieffatre)