Ireland’s data regulator, the Data Protection Commissioner, has fined Facebook’s parent company Meta $19 million over the results of an inquiry that looked into twelve data breach notifications received by the DPC between June 2018 and December 2018. The probe sought to examine how Meta Platforms had complied with Ireland’s requirements regarding the processing of personal data as it pertains to breach notifications. The inquiry found that Meta Platforms infringed two articles of the GDPR, resulting in the enactment of the fines.
A spokesperson for Meta stated that the process continues to evolve and that the company was still considering Tuesday’s decision. In addition, the spokesperson stated that Meta’s process regarding data has evolved since 2018, but that the former process did not fail to protect user information. The DPC’s decision is subject to the co-decision making process, meaning that other European supervisory authorities weighed in as co-decision makers. The DPC confirmed that two authorities had raised objections to the decision, however, consensus was reached through further discussion.