BEERG Newsletter - GDPR: Irish fines on Meta hit almost €1bn in one year

Derek Mooney writes: this week the Irish Data Protection Commission (DPC) handed down a €265 million fine to Meta (the Facebook parent company) for a data breach under GDPR’s Art 25. The breach involved the "scraping" of the personal data of hundreds of millions of users from the site and appearing for sale on a hacking forum (details here). Also see RTÉ TV news report HERE

This latest fine brings the total value of penalties imposed by the DPC, on Meta, over the past year (or so), to almost €1 billion (well, approx.. €900m). A Meta spokesperson said the company was reviewing the latest decision carefully. In September, Meta lodged an appeal in the Irish High Court against a €405m DPC fine imposed on Instagram.

Regarding the situation at Twitter, during an interview with RTÉ news (see link above) the Data Protection Commissioner Helen Dixon said the DPC was concerned about recent staff departures and that her office is looking to establish what is in place in Twitter’s Irish office, saying:

"Importantly here in Ireland, where Twitter in Ireland is the main establishment for EU purposes under the GDPR, there has to be a board in place that's making the decisions on personal data processing in respect of EU users."