The Data Protection Commission (DPC), the Irish CNIL, on Tuesday sentenced Meta, formerly Facebook, to a fine of 17 million euros, for non-compliance with the General Data Protection Regulation (GDPR).
The decision follows an investigation into a series of 12 GDPR breaches that took place between June and December 2018. For the Irish authority, Meta could not demonstrate that it had “put in place the technical and appropriate organizational […] to protect user data” of the European Union.
The DPC specifies in its press release that the decision was taken in agreement with the other regulatory authorities of the European Union, despite the initial objections of the German and Polish authorities.
A leading authority often criticized
This is not the first time that Meta has been targeted by European data protection authorities for non-compliance with the GDPR. Last April, the DPC was investigating in particular an unreported data leak by the social networking giant.
Nevertheless, the Irish authority is known to be rather conciliatory with tech giants like Meta, even though its role is essential in the control of the application of the GDPR, most of the large technology companies having established their European headquarters in Ireland – like Google, Apple, Facebook, Amazon and Microsoft.
Last year, the European Commission was also concerned about its inaction and deplored the absence of “significant” decisions and corrective measures from the authority on this subject. Max Schrems’ association, Nyob, for its part estimated that “99.3% of complaints do not lead to decisions”. Will this decision mark the beginning of change?