The Data Protection Commission (DPC) has fined Facebook parent company Meta Platforms €17m following an inquiry into 12 personal data breach notifications that took place in 2018.
DPC found that Meta infringed on two articles of the EU's General Data Protection Regulation (GDPR) in relation to the processing of personal data.
It judged that Meta failed to have in place "appropriate technical and organisational measures" to demonstrate the security measure it implemented to protect EU users' data in relation to the 12 breaches, which the regulator was notified of between June and December 2018.
As a "cross-border" case, the DPC's decision was subject to the process outlined in Article 60 of the GDPR, and thus all the other European data supervisory authorities engaged in the investigation as co-decision-makers.
"While objections to the DPC’s draft decision were raised by two of the European supervisory authorities, consensus was achieved through further engagement between the DPC and the supervisory authorities concerned," the DPC said in a statement.
"Accordingly, the DPC’s decision represents the collective views of both the DPC and its counterpart supervisory authorities throughout the EU."
The DPC said in its annual report that it was seeking agreed EU-wide standards for enforcement of GDPR while hitting out at perceptions that cases completed and fines levied were sole measures of its success in policing data protection.
Photo: Facebook's Dublin office. (Pic: Getty Images)