In September 2018, it came to light that hackers had breached Facebook and gained access to data on over 50 million Facebook accounts. Around 3 million of those affected accounts were based in EU countries.
The personal data involved in the hack included:
- The user’s full name
- Their email address
- Their telephone number
- Their place of residence
- Their place of work
- Their date of birth
- Their religion
- Their gender
- Their posts in their timeline
- The groups they were members of
- The personal data of their children
The security breach was caused by the exploitation of user tokens on the Facebook platform by unauthorized third parties. The issue was remedied by Meta Platforms Ireland Limited (MPIL) and its US parent company shortly after it was discovered.
The Irish Data Protection Commission (DPC) has now imposed a fine of €251 million on Meta Ireland, Facebook’s parent company, as a result. The reasons for the fine are as follows:
- Meta didn’t include all the required details, which it could and should have provided, in its data breach notification. The data protection commissioner reprimanded MPIL for failing to comply with the law and ordered it to pay fines totaling €8 million.
- Meta failed to document the facts of each breach and the steps taken to remedy them in a manner that would allow the regulator to verify compliance. The regulator reprimanded MPIL for these failures and ordered the payment of fines totaling €3 million.
- Meta failed to ensure that data protection principles were implemented in the design of its processing systems. The data protection authority found that MPIL had breached this provision, issued a warning to MPIL, and ordered it to pay fines totaling €130 million.
- Meta failed to fulfill its obligations as a data controller to ensure that, by default, only personal data necessary for specific purposes was processed. The data protection authority found that MPIL had breached these provisions, warned MPIL, and ordered it to pay fines totaling €110 million.
Facebook is likely to appeal the fines.
This article originally appeared on our sister publication PC-WELT and was translated and localized from German.