The Irish Data Protection Commission (DPC) on Tuesday slapped Facebook and WhatsApp owner Meta Platforms a fine of €17 million (~$18.6 million) for a series of security lapses that occurred in violation of the European Union's GDPR laws in the region.
"The DPC found that Meta Platforms failed to have in place appropriate technical and organizational measures which would enable it to readily demonstrate the security measures that it implemented in practice to protect EU users' data, in the context of the twelve personal data breaches," the watchdog said in a press release.
The decision follows the regulator's investigation into 12 data breach notifications it received over the course of a six-month period between June 7 and December 4, 2018.
"This fine is about record keeping practices from 2018 that we have since updated, not a failure to protect people's information," Meta said in a statement shared with the Associated Press. "We take our obligations under the GDPR seriously, and will carefully consider this decision as our processes continue to evolve."
The development follows a similar penalty the DPC imposed on WhatsApp, fining the messaging service €225 million in September 2021 for failing to meet its GDPR transparency obligations. Following the ruling, WhatsApp tweaked its privacy policy with regards to how it handles European users' data and shares that information with its parent, Meta.
Around the same time, the Luxembourg National Commission for Data Protection (CNPD) also hit Amazon with an $886.6 million fine in July 2021 for non-compliance with data-processing laws. Then earlier this year, France fined both Meta and Google for violating E.U. privacy rules by failing to provide users with an easy option to reject cookie tracking technology.