Irish regulator fines Meta over privacy law violation

Ireland’s Data Protection Commission fined Meta 17 million euros, or roughly $18.6 million, over violations of Europe’s privacy law, the regulator announced Tuesday. 

The fine follows the commission’s inquiry into a series of 12 data breach notifications between June and December 2018. 

The commission said the inquiry found Meta, the new name for the parent company of Facebook, failed to put systems in place that would have allowed it to demonstrate the security measures it implemented to protect users in the European Union within the context of the 12 data breaches. 

“This fine is about record keeping practices from 2018 that we have since updated, not a failure to protect people’s information,” Meta said in an emailed statement. “We take our obligations under the GDPR [General Data Protection Regulation] seriously, and will carefully consider this decision as our processes continue to evolve.”

Under the GDPR, Europe’s privacy law, Ireland’s Data Protection Commission leads cross-border data privacy cases for large tech companies that have their European headquarters based in Dublin. 

The commission in September fined WhatsApp, another company under Meta, 225 million euros, or roughly $267 million at the time, for other GDPR violations.