Meta Platforms Ireland Limited – €17,000,000 Fine (Ireland, 2022)

The Irish DPA (DPC) has imposed a fine of EUR 17 million on Meta Platforms Ireland Limited (former Facebook Ireland Limited). The decision is based on twelve notifications of data breaches that occurred between June 7, 2018 and December 4, 2018. The outcome of the DPC's investigation revealed that Meta had violated Article 5 (2) GDPR and Article 24 (1) GDPR. In the course of its investigation, the DPC found that Meta failed to demonstrate that it had taken appropriate technical and organizational measures to protect the data of EU users. The fine proceedings involved cross-border data processing, which is why the decision was subject to the co-decision procedure under Art. 60 GDPR involving all other European supervisory authorities as co-decision-makers. Although two European DPAs objected to the DPC's draft decision, a consensus was ultimately reached. Accordingly, the DPC's decision reflects the collective views of the DPC and the other European DPAs.