The American giant has been accused of poorly protecting the data of European users in connection with a series of data leaks in 2018.

The Irish Data Protection Commission (DPC) has now taken action against Meta’s lack of security measures regarding user data in Europe. The Reference Authority for Large Tech Companies, headquartered in Europe, has fined the California group 17 million euros. Violation of the General Data Protection Regulation (GDPR).

The approval follows a DPC investigation into 12 personal data leaks that were reported between June 7 and December 4, 2018. “Appropriate technical and organizational measures do not exist to allow for easy demonstration of the security measures implemented in practice to protect EU user data”.

The Authority has been criticized for handling data breaches

In detail, the DPC alleges that Meta violated Articles 5 and 24 of the GDPR. The first is the need to process personal data “To ensure proper security”. This includes protection against unauthorized processing, as well as protection against accidental loss, damage or damage. Second, it compels the data controller to establish appropriate technical and organizational measures to ensure that processing is carried out in accordance with the regulations, especially the risks to the rights and freedoms of the individuals concerned.

On his part, Meta responded to the DPC’s decision: “We have updated this fine embargo from 2018 and will not fail to protect people’s information”A company spokesman explained to AFP.

The slow pace of processing DPC cases, which play an important role in Europe, is often criticized. Latest example: March 15, the day it was meta allowed, The Irish Council for Civil Liberties (ICCL) has said it is taking legal action For “Its failure to protect people from the biggest data breach on record “This affects a Google advertising system that selects ads that are displayed when a website or application is loaded. Depending on the profile or behavior of the Internet user, this technology may send personal information to multiple companies. The DPC received a complaint about this violation a few months after GDPR went into effect in 2018. The complaint was supposed to be investigated and further action was taken but no action has been taken so far.