Ireland: DPC imposes €265 million fine on Meta

265 million gdpr fine to Meta

On November 28, 2022, the Data Protection Commission (DPC) announced its decision to impose a fine of €265 million and a range of corrective measures on Meta Platforms Ireland Limited, the data controller of the Facebook social media network.

The fine was issued for violations of Articles 25(1) and 25(2) of the General Data Protection Regulation (GDPR) following an inquiry regarding data scrapping.

DPCs inquiry and findings

The DPCs inquiry launched in April 2022, after the media reported the discovery of collated dataset of Facebook personal data that became available on the internet.

The scope of the inquiry concerned an examination and assessment of Facebook Search, Facebook Messenger Contact Importer, and Instagram Contact Importer tools in relation to processing carried out by Meta Platforms between May 2018 and September 2019.

The material issue raised during the inquiry concerned compliance with the GDPR obligation for Data Protection by Design and Default. Pursuant to Article 25, the DPC examined the implementation of technical and organizational measures.

The decision and the outcome

The DPCs decision imposes a reprimand and an order, requiring Meta to take a range of specified remedial actions within a particular timeframe in order to comply and issues administrative fines of €265 million on Meta.

The DPC specifically noted that the inquiry was comprehensive and included cooperation with other data protection supervisory authorities within the EU. Therefore, the DPC noted that those supervisory authorities agreed with the DPC’s decision.

Read the entire press release: Data Protection Commission announces decision in Facebook “Data Scraping” Inquiry

Request a Data Privacy Manager demo

Let us navigate you through the Data Privacy Manager solution and showcase functionalities that will help you overcome your compliance challenges.

Scroll to Top