Legal
Meta Fined Rs 22,000 Crore in Ireland Over 2018 Facebook Data Breach
Meta, the parent company of Facebook, has been slapped with a massive fine of Rs 21,965 crore ( $264 million) by the Irish Data Protection Commission (DPC) for violating the General Data Protection Regulation (GDPR) in a 2018 data breach that compromised the personal information of 29 million users.
The breach, caused by the exploitation of Facebook’s “View As” feature, exposed sensitive user details such as names, email addresses, phone numbers, and physical locations. Alarmingly, the breach also affected children, intensifying privacy concerns.
Despite Meta’s swift action to fix the vulnerability and notify users, the DPC identified several GDPR violations, resulting in the following penalties:
- Article 33(3): Inadequate breach notification details → Rs 665 crore ($8.4 million)
- Article 33(5): Poor documentation of breach facts/remedies → Rs 249 crore ( $3.15 million)
- Article 25(1): Failure to integrate data protection into system design → Rs 10,820 crore ( $137 million)
- Article 25(2): Excessive data processing beyond necessity → Rs 9,142 crore ( $116 million)
ALSO READ : Call for Papers on AI/ML in Predictive Policing and Digital Forensics for FutureCrime Summit 2025
“This case highlights the critical importance of embedding data protection into the design and development process. Neglecting these measures puts individuals at significant risk, including threats to their fundamental rights and freedoms,” said Graham Doyle, Deputy Commissioner of the DPC.
The DPC has announced plans to publish the full decision soon, providing greater transparency into the enforcement action.
In response, Meta issued a statement defending its actions:
“This decision relates to an incident from 2018. We acted immediately to address the issue and informed both impacted users and the Irish Data Protection Commission. Today, we have robust, industry-leading safeguards in place to protect our platforms,” Meta said.
Meta Settles for Rs 4,160 Crore ($50 Million) in Australia Over Cambridge Analytica Scandal
On the same day, Meta agreed to a Rs 4,160 crore ($50 million) settlement with the Australian Information Commissioner to resolve claims linked to the Cambridge Analytica scandal. The case involved Australian Facebook users whose data was shared with the “This is Your Digital Life” app and potentially misused for political profiling.
The settlement applies to users who had Facebook accounts between November 2, 2013, and December 17, 2015, spent over 30 days in Australia, and either installed the app or were friends with someone who did. Eligible users can access compensation details on the enforceable undertaking page.
Meta emphasized its commitment to moving forward
“We settled on a no-admissions basis, prioritizing the best interests of our community and shareholders. These allegations relate to past practices no longer relevant to how Meta operates today. We are dedicated to building services Australians trust, with privacy at the forefront,” Meta said.
These fines underscore the growing global scrutiny of Meta’s data privacy practices and its ongoing efforts to rebuild trust.
