The Irish Data Protection Commission (DPC) has issued a €251 million fine to Meta following a personal data breach in 2018 affecting 29 million global Facebook accounts, of which approximately 3 million were based in the EU/EEA. The breach involved the exploitation of user tokens on Facebook by unauthorised third parties and was rectified by Meta soon after discovery. The fine relates to two separate decisions concerning the violations of Articles 33(3) and 33(5) along with Articles 25(1) and 25(2) of the EU General Data Protection Regulation (GDPR).
Legal documents released in 2020 indicate that Meta knew about a security flaw nine months before the breach took place but failed to act.
What is this page?
You are reading a summary article on the Privacy Newsfeed, a free resource for DPOs and other professionals with privacy or data protection responsibilities helping them stay informed of industry news all in one place. The information here is a brief snippet relating to a single piece of original content or several articles about a common topic or thread. The main contributor is listed in the top left-hand corner, just beneath the article title.
The Privacy Newsfeed monitors over 300 global publications, of which more than 5,750 summary articles have been posted to the online archive dating back to the beginning of 2020. A weekly roundup is available by email every Friday.
