IRELAND has fined Meta €251m in relation to a data breach which occurred in 2018.
The Irish Data Protection Commission (DPC) launched two inquiries following the personal data breach, which was reported by Meta in September 2018.
The breach affected approximately 29 million Facebook accounts globally, of which some three million were based in the EU/EEA.
The personal data involved included the Facebook users’ full name, email address, phone number, location, place of work, date of birth, religion and gender as well as posts on timelines, groups of which a user was a member and children’s personal data.
On December 17, the DPC gave its final decisions relating to the breach.
Commissioners for Data Protection, Dr Des Hogan and Dale Sunderland, issued a number of reprimands and an order for Meta to pay administrative fines totalling €251m.
“This enforcement action highlights how the failure to build in data protection requirements throughout the design and development cycle can expose individuals to very serious risks and harms, including a risk to the fundamental rights and freedoms of individuals,” DPC Deputy Commissioner Graham Doyle said.
“Facebook profiles can, and often do, contain information about matters such as religious or political beliefs, sexual life or orientation, and similar matters that a user may wish to disclose only in particular circumstances,” he added.
“By allowing unauthorised exposure of profile information, the vulnerabilities behind this breach caused a grave risk of misuse of these types of data.”
The DPC will publish the full decision at a later date.