The Irish Data Protection Commission (DPC) imposed on Tuesday a €251 million fine on Meta Platforms Ireland for failing to protect user data during a 2018 breach that exposed the personal information of about 29 million Facebook users worldwide, including 3 million in the EU.
"The categories of personal data affected included: user's full name; email address; phone number; location; place of work; date of birth; religion; gender; posts on timelines; groups of which a user was a member; and children's personal data," DPC said. Although Meta fixed the issue soon after discovered, it violated several data protection rules.
"This enforcement action highlights how the failure to build in data protection […] can expose individuals to very serious risks and harms, including a risk to the fundamental rights and freedoms of individuals … By allowing unauthorised exposure of profile information, the vulnerabilities behind this breach caused a grave risk of misuse of these types of data," DPC Deputy Commissioner Graham Doyle noted.
