Facebook has been fined €17 million by the Data Irish Protection Commission (“DPC”), the Irish equivalent of our own ICO. The fine relates to 12 personal data breaches that occurred in 2018, shortly after GDPR became law.
The DPC found that Meta Platforms (formerly Facebook) failed to have in place appropriate technical and organisational measures which would enable it to readily demonstrate the security measures that it implemented in practice to protect EU users’ data, in the context of the twelve personal data breaches.
Complaints were made in other countries, but the supervising authorities agreed to work together, using the one-stop-shop mechanism built into the EU GDPR. Naturally, the UK is no longer a part of this mechanism.
According to the BBC website who reported the story here https://www.bbc.co.uk/news/articles/cp9yenpgjwzo a spokesperson for Meta said that it takes its obligations under GDPR very seriously, and the fine relates to record-keeping practices from 2018 which have since been updated.
You can see more details about the fine on the DPC website https://www.dataprotection.ie/en/news-media/press-releases/data-protection-commission-announces-decision-meta-facebook-inquiry