The IDPC criticized Meta for inadequate data protection measures. It found the company failed to design its processing systems with robust security, process personal data only when necessary, and fully disclose information about the breach.
DPC and Meta Respond
Meta responded to the fine, stating, “This decision relates to an incident from 2018. We took immediate action to fix the problem as soon as it was identified, and we proactively informed people impacted as well as the Irish Data Protection Commission.” The company also noted that it now implements “industry-leading measures” to protect users across its platforms.
“This enforcement action highlights how the failure to build in data protection requirements throughout the design and development cycle can expose individuals to very serious risks and harms,” said DPC Deputy Commissioner Graham Doyle. He emphasized that the breach posed “a grave risk of misuse” of users’ profile data.
Cambridge Analytica Scandal Settlement
Separately, Meta settled a $31.7 million lawsuit in Australia related to the Cambridge Analytica scandal. A whistleblower revealed in 2018 that Cambridge Analytica had harvested Facebook user data to influence U.S. voters during Donald Trump’s 2016 presidential campaign and the Brexit referendum.
