Meta Platforms Ireland Limited
Insufficient technical and organisational measures to ensure information security
Ngày ra quyết định
17 tháng 12, 2024
Thẩm quyền
Data Protection Authority of Ireland
IE
Ngành
Social Media
Quốc gia
IE
Luật
GDPRTrạng thái
FINALMô tả
The Irish Data Protection Commission (DPC) has fined Meta Platforms Ireland Limited EUR 251 million. The fine was imposed for data protection violations related to a data breach that occurred in 2018 and affected 29 million Facebook accounts worldwide, including 3 million in the EU/EEA. Compromised data included names, email addresses, phone numbers, and children's data. The breach resulted from the exploitation of user tokens on the platform by unauthorized third parties. The DPC found that Meta had violated Art. 33 GDPR (EUR 11 million), as information was missing from the data breach notification, for example. The DPC also found violations of Art. 25 GDPR (EUR 240 million), concluding that Meta had failed to ensure that data protection principles were protected in the design of processing systems and had failed in its obligations as a controller to ensure that, by default, only personal data that are necessary for specific purposes are processed.