Meta Platforms has been fined 17 million euros ($18.6 million) for violating the European Union’s privacy regulations by failing to prevent data breaches on its Facebook platform.
As Bloomberg News reported Tuesday (March 15), Irish Data Protection Commission (IDPC), which oversees privacy issues in the EU, said it determined Facebook had “failed to have in place appropriate technical and organizational measures.”
The case dates back to 2018, when the IDPC launched an investigation into a breach that impacted tens of millions of Facebook accounts. Among the breaches was one triggered by a software bug that gave outside developers access to millions of user photos.
Adopted in 2018, the EU’s General Data Protection Regulation (GDPR) establishes guidelines for the collection and processing of personal data from EU residents and is meant to ensure that people living in the EU receive data disclosures.
The law allows regulators to fine companies as much as 4% of their yearly revenue in the most serious cases. Last year, Ireland fined WhatsApp $246 million, while Amazon was levied a record $746 million by Luxembourg’s privacy watchdog.
Read more: Regulator Could Order Meta to Stop EU-US Data Transfers
Last month, the Irish regulator sought an order that would require Meta to suspend data transfers to the United States, a ruling that could cause the company to retaliate by removing its websites from Europe.
If EU regulators agree with this measure, the decision would have wide-ranging impacts on any company that moves data between the EU and the U.S.
See also: EU Privacy Regulator Fines Amazon $887M
Meta has said suspending data transfers would not only impact millions of people, businesses and nonprofits in the European Union who use the service, but also affect other companies that need EU-U.S. data transfers to provide a global service.
“A long-term solution on EU-U.S. data transfers is needed to keep people, businesses and economies connected,” Meta said.