Facebook parent company Meta has been fined €17m for breaching EU privacy rules.
The fine, imposed by the Data Protection Commission (DPC), comes following an investigation into a series of 12 data breach notifications received by the watchdog between June and December 2018.
The fine delivered is the second largest handed down by the commission to date, second only to a €225m penalty doled out to another Meta company, messaging platform Whatsapp, last year.
In a statement on Tuesday, the DPC said that it had found that Meta had infringed EU privacy rules.
The body found that Meta failed to put in place “appropriate technical and organisational measures which would enable it to readily demonstrate the security measures that it implemented in practice to protect EU users’ data”.
Ireland's DPC is the social network’s lead regulator in Europe.
A Meta spokesperson said: “This fine is about record-keeping practices from 2018 that we have since updated, not a failure to protect people’s information.
“We take our obligations under the GDPR seriously, and will carefully consider this decision as our processes continue to evolve.”
The decision by the DPC is its first to successfully navigate the GDPR’s Article 60 cross border mechanism – that is, despite initial objections from Poland and Germany, the decision has been accepted as a whole by all of Europe’s data protection regulators.
Previous decisions regarding Twitter and the aforementioned Whatsapp penalty were delayed further by the need for the data protection regulation’s dispute mechanism to be invoked, due to the various regulators being unable to reach consensus.
The DPC’s full decision has yet to be fully published due to ongoing engagement with Facebook on the commercially sensitive aspects of the matter.