Ireland’s Data Protection Commission has fined Meta 17 million euros, or roughly $18.6 million dollars, for privacy violations.
The Irish regulator announced the fine in a statement on Tuesday.
The Data Protection Commission launched an investigation into the Facebook parent company over twelve data breach notifications it received during a six-month period in 2018.
“As a result of its inquiry, the DPC found that Meta Platforms infringed Articles 5(2) and 24(1) GDPR. The DPC found that Meta Platforms failed to have in place appropriate technical and organisational measures which would enable it to readily demonstrate the security measures that it implemented in practice to protect EU users’ data, in the context of the twelve personal data breaches,” the statement said.
In a statement responding to the findings, Meta blamed the privacy violations on poor record-keeping.
“This fine is about record keeping practices from 2018 that we have since updated, not a failure to protect people’s information,” Meta said in a statement provided to The Hill. “We take our obligations under the GDPR [General Data Protection Regulation] seriously, and will carefully consider this decision as our processes continue to evolve.”
Meta is also facing legal issues over its privacy standards in the United States.
In February, as Timcast previously reported, Facebook’s parent company Meta has settled a decade-old data class-action privacy lawsuit for $90 million.
The complaint was over the big tech giant’s use of tracking “cookies” in 2010 and 2011 to monitor users’ internet use even after they had logged off the Facebook platform.
As part of the settlement, Facebook also agreed to sequester and delete all the data at issue, which is believed to be unprecedented in a data privacy class action. The agreement is subject to Court review and approval, according to a press release from David Straite, co-lead counsel for the plaintiffs.
“We are grateful to the Ninth Circuit for its watershed ruling, and to Facebook for negotiating this resolution in good faith. This settlement not only repairs harm done to Facebook users but sets a precedent for the future disposition of such matters,” said Straite. “I’ve been involved in more than a few data privacy matters in which the defendant would only consider monetary relief or window-dressing injunctive relief. We applaud Facebook’s willingness to also delete the user data that we alleged was improperly collected.”
Texas Attorney General Ken Paxton has also filed a lawsuit against Facebook over their prior use of facial recognition technology.
The lawsuit is seeking “hundreds of billions” in civil penalties for violating the state’s privacy protections of personal biometric data.
“For over a decade, while holding itself out as a trusted meeting place for Texans to connect and share special moments with family and friends, Facebook was secretly capturing, disclosing, unlawfully retaining — and profiting off of — Texans’ most personal and highly sensitive information: records of their facial geometries, which Texas law refers to as biometric identifiers,” the state argued in the legal complaint.
In 2015, Facebook settled a lawsuit brought on by the state of Illinois over a similar issue for approximately $650 million.