The Irish DPC has issued a fine of €265 million to Meta Platforms Ireland Limited (MPIL) – the data controller of the Facebook network – after a 19-month enquiry. The DPC also issued a reprimand and has imposed a range of specified remedial actions to be completed within three months.
While the Irish DPC is the lead regulator, this decision included cooperation with the other EU data protection supervisory authorities. This has been a surprisingly swift process, largely due to the EU countries being in agreement over the issue.
The enquiry began in April 2021. Over 530 million Facebook users’ personal data — including email addresses and mobile phone numbers — were reported to have been exposed online. It appears that the data had been scraped maliciously from Facebook profiles, using a Contact Importer tool provided by Facebook. In September 2019, Facebook adjusted the tool to prevent further malicious activity. The DPC focussed its enquiry on tools running between 25 May 2018 (when GDPR came into force) and September 2019 (when Facebook made its security amendments).
The core issue that led to the fine was Meta’s failure to meet the obligations around Data Protection by Design and Default (Article 25 of the GDPR) by implementing appropriate technical and organisational measures.
Data Protection by Design and Default
Data Protection by Design and Default is not new. But while in the past it’s been “advisable”, it is now, under GDPR, a legal requirement. Which means that you must, by law, have appropriate technical and organisational measures in place to ensure you comply effectively with data protection principles; and that you protect and safeguard individuals’ rights.
In practice, this means that you must think about data protection and privacy compliance – up-front. And build it into all the data processing you undertake. It has to be embedded throughout your business and all its practices. And it’s important that it starts at the very beginning of the process, from concept and design stage, and runs right through the lifecycle of any personal data processing you do.
This is the requirement that the DPC determined that Meta did not meet.
Meta Statement
In response to the DPC actions, Meta says it is “reviewing this decision carefully”, and stated: “We made changes to our systems during the time in question, including removing the ability to scrape our features in this way using phone numbers… Unauthorised data scraping is unacceptable and against our rules and we will continue working with our peers on this industry challenge … Protecting the privacy and security of people’s data is fundamental to how our business works. That’s why we have cooperated fully with the Irish Data Protection Commission on this important issue.”
Total Meta GDPR fines?
This latest fine brings the total amount of fines imposed since Autumn 2021 by the DPC on Meta to €912m. Previous fines include €405m just a couple of months ago (teenagers’ Instagram accounts displayed their phone numbers and email addresses on a “public-by-default” setting); in March 2022, a GDPR fine of €17m was levied; and in September 2021 a €225m fine was issued over “severe” and “serious” infringements by WhatsApp.
Avoid GDPR Fines
Privacy by Design and Default is at the heart of the GDPR. A Data Protection Impact Assessment (DPIA) is just one of the vital tools businesses need to help them meet their compliance and security obligations. It is an essential means of demonstrating that you put compliance and the security of your data subjects at the heart of everything you do.
Consider the individuals whose data you are processing. What will be the impact on them? Will the processing be fair? Is it even legal? Would they expect you to process it in this way? Have you made them aware? Have you told them their rights? Will their data be safe? Have you done your due diligence on your suppliers? Do you have the right contracts? What are the risks? How can the risks be mitigated? Do you have appropriate organisational processes in place? What technical safeguards do you have or need?
Asking yourselves questions like this will help you be sure you are taking appropriate steps towards meeting your obligations when processing personal data.
If you have questions or concerns about the practicalities around Data Protection by Design and Default, or how best to conduct a DPIA, or if you would like to chat about your own measures in this area, please call 01787 277742 or email dc@datacompliant.co.uk. You can find information about some of our services here.
Victoria Tuffill 29th November 2022