Meta Platforms Ireland Limited – €251,000,000 Fine (Ireland, 2024)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Meta Platforms Ireland Limited was fined for failing to protect user data during a major breach that affected millions. The company did not provide complete information about the breach and did not design its systems to prioritize data protection. This case shows that even large companies must follow strict data protection rules.
What happened
Meta was fined for data protection violations related to a 2018 data breach affecting 29 million Facebook accounts.
Who was affected
Facebook users worldwide, including 3 million in the EU, were affected by the breach.
What the authority found
The Irish Data Protection Commission ruled that Meta violated GDPR by not properly notifying about the breach and failing to ensure data protection in its systems.
Why this matters
This significant fine illustrates that companies must prioritize data protection in their operations. It sets a precedent for holding large tech firms accountable for data breaches.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
The Irish Data Protection Commission (DPC) has fined Meta Platforms Ireland Limited EUR 251 million. The fine was imposed for data protection violations related to a data breach that occurred in 2018 and affected 29 million Facebook accounts worldwide, including 3 million in the EU/EEA. Compromised data included names, email addresses, phone numbers, and children's data. The breach resulted from the exploitation of user tokens on the platform by unauthorized third parties. The DPC found that Meta had violated Art. 33 GDPR (EUR 11 million), as information was missing from the data breach notification, for example. The DPC also found violations of Art. 25 GDPR (EUR 240 million), concluding that Meta had failed to ensure that data protection principles were protected in the design of processing systems and had failed in its obligations as a controller to ensure that, by default, only personal data that are necessary for specific purposes are processed.
Related Enforcement Actions (5)
Other enforcement actions involving Meta Platforms Ireland Limited in IE
Fine
€251.0M
Details
Fine Date
17 December 2024
Authority
Data Protection Commission
Fine Amount
€251,000,000
Enforcement Tracker ID
ETid-2484
About this data
Cite as: Cookie Fines. Meta Platforms Ireland Limited - Ireland (2024). Retrieved from cookiefines.eu
Last updated: