DPC (Ireland) - Meta Platforms: Difference between revisions
No edit summary |
No edit summary |
||
(6 intermediate revisions by 3 users not shown) | |||
Line 14: | Line 14: | ||
|Original_Source_Language_1=English | |Original_Source_Language_1=English | ||
|Original_Source_Language__Code_1=EN | |Original_Source_Language__Code_1=EN | ||
|Original_Source_Name_2=Full decision | |||
|Original_Source_Link_2=https://www.dataprotection.ie/sites/default/files/uploads/2022-09/Full%20Decision%2018-11-5%20Facebook%2012%20breaches.pdf | |||
|Original_Source_Language_2=English | |||
|Original_Source_Language__Code_2=EN | |||
|Type=Investigation | |Type=Investigation | ||
Line 32: | Line 37: | ||
|GDPR_Article_4=Article 32(1) GDPR | |GDPR_Article_4=Article 32(1) GDPR | ||
|GDPR_Article_Link_4=Article 32 GDPR#1 | |GDPR_Article_Link_4=Article 32 GDPR#1 | ||
| | |GDPR_Article_5=Article 60 GDPR | ||
| | |GDPR_Article_Link_5=Article 60 GDPR | ||
Line 66: | Line 71: | ||
=== Holding === | === Holding === | ||
The DPC fined Meta Platforms | The DPC fined Meta Platforms €17,000,000 for the violation of [[Article 5 GDPR#2|Article 5(2) GDPR]] and [[Article 24 GDPR#1|Article 24(1) GDPR]] for failing to implement appropriate technical and organisational measures which would enable it to readily demonstrate the security measures that it implemented ''in practice'' to protect EU users’ data, in the context of the twelve personal data breaches. | ||
The DPC's decision was subject to the co-decision-making process outlined in [[Article 60 GDPR|Article 60 GDPR]] and all of the other European supervisory authorities were engaged as co-decision-makers since the processing under examination constituted cross-border processing. While objections to the DPC’s draft decision were raised by two of the European supervisory authorities, consensus was achieved through further engagement between the DPC and the supervisory authorities concerned. | The DPC's decision was subject to the co-decision-making process outlined in [[Article 60 GDPR|Article 60 GDPR]] and all of the other European supervisory authorities were engaged as co-decision-makers since the processing under examination constituted cross-border processing. While objections to the DPC’s draft decision were raised by two of the European supervisory authorities, consensus was achieved through further engagement between the DPC and the supervisory authorities concerned. |
Latest revision as of 08:47, 11 October 2022
DPC (Ireland) - Meta Platforms | |
---|---|
Authority: | DPC (Ireland) |
Jurisdiction: | Ireland |
Relevant Law: | Article 5(1)(f) GDPR Article 5(2) GDPR Article 24(1) GDPR Article 32(1) GDPR Article 60 GDPR |
Type: | Investigation |
Outcome: | Violation Found |
Started: | 07.06.2018 |
Decided: | 15.03.2022 |
Published: | 15.03.2022 |
Fine: | 17,000,000 EUR |
Parties: | Meta Platforms |
National Case Number/Name: | Meta Platforms |
European Case Law Identifier: | n/a |
Appeal: | n/a |
Original Language(s): | English English |
Original Source: | DPC (Press release) (in EN) Full decision (in EN) |
Initial Contributor: | kc |
The Irish DPA fined Meta Platforms (formerly Facebook Ireland Limited) €17,000,000 for failing to implement appropriate technical and organisational measures in order to protect EU users' data, in violation of Articles 5(2) and 24(1) GDPR.
English Summary
Facts
The Irish DPA (DPC) investigated a series of twelve data breach notifications it received in the six month period between 7 June 2018 and 4 December 2018. The inquiry examined the extent to which Meta Platforms complied with the requirements of Articles 5(1)(f), 5(2), 24(1) and 32(1) GDPR in relation to the processing of personal data relevant to the twelve breach notifications.
Holding
The DPC fined Meta Platforms €17,000,000 for the violation of Article 5(2) GDPR and Article 24(1) GDPR for failing to implement appropriate technical and organisational measures which would enable it to readily demonstrate the security measures that it implemented in practice to protect EU users’ data, in the context of the twelve personal data breaches.
The DPC's decision was subject to the co-decision-making process outlined in Article 60 GDPR and all of the other European supervisory authorities were engaged as co-decision-makers since the processing under examination constituted cross-border processing. While objections to the DPC’s draft decision were raised by two of the European supervisory authorities, consensus was achieved through further engagement between the DPC and the supervisory authorities concerned.
Comment
So far, only the press release is available.
Further Resources
Share blogs or news articles here!
English Machine Translation of the Decision
The decision below is a machine translation of the English original. Please refer to the English original for more details.
Data Protection Commission announces decision in Meta (Facebook) inquiry 15th March 2022 The DPC has today adopted a decision, imposing a fine of €17m on Meta Platforms Ireland Limited (formerly Facebook Ireland Limited) (“Meta Platforms”). The decision followed an inquiry by the DPC into a series of twelve data breach notifications it received in the six month period between 7 June 2018 and 4 December 2018. The inquiry examined the extent to which Meta Platforms complied with the requirements of GDPR Articles 5(1)(f), 5(2), 24(1) and 32(1) in relation to the processing of personal data relevant to the twelve breach notifications. As a result of its inquiry, the DPC found that Meta Platforms infringed Articles 5(2) and 24(1) GDPR. The DPC found that Meta Platforms failed to have in place appropriate technical and organisational measures which would enable it to readily demonstrate the security measures that it implemented in practice to protect EU users’ data, in the context of the twelve personal data breaches. Given that the processing under examination constituted “cross-border” processing, the DPC’s decision was subject to the co-decision-making process outlined in Article 60 GDPR and all of the other European supervisory authorities were engaged as co-decision-makers. While objections to the DPC’s draft decision were raised by two of the European supervisory authorities, consensus was achieved through further engagement between the DPC and the supervisory authorities concerned. Accordingly, the DPC’s decision represents the collective views of both the DPC and its counterpart supervisory authorities throughout the EU. Separately, the DPC has today published a statistical report on handling cross-border complaints under the GDPR’s One-Stop-Shop mechanism (see link below). https://www.dataprotection.ie/en/news-media/press-releases/dpc-publishes-statistical-report-handling-cross-border-complaints-under-gdprs-one-stop-shop-oss