Contact Us

+350 20079000

This data will only be used by Hassans for processing your query and for no other purpose. View our privacy policy
| 1 minute read

Facebook’s past privacy practices fail under regulatory scrutiny

The consensus among data security professionals is that a security breach is not a matter of if, but a matter of when.

Breaches lead to regulatory attention and even slickest operations can be undone under scrutiny. This scrutiny can expose holes or lapses in a business’ privacy practices (whether these lapses are flagrant rule violations or simply unintentional).

On Tuesday, the Irish Data Protection Commission issued Facebook’s parent company (Meta Platforms) with a fine of €17 million for a series of security lapses that occurred in violation of GDPR laws. The fine stems from a security-related inquiry opened by the DPC following 12 data breach notifications received from Facebook in the period between 7 June 2018 and 4 December 2018. This follows a €225 million fine issued in September 2021 for another GDPR violation in connection with a DPC investigation into security issues in Meta's WhatsApp communication service. 

In reaction to Tuesday's developments, Meta shared a statement in which it claimed that “this fine is about record keeping practices from 2018 that we have since updated, not a failure to protect people's information”.

Notwithstanding Meta’s assertion that it did not risk exposing users’ data, there remains an inevitability to cyber threats and data breaches. These risks emphasise the importance of not only maintaining up-to-date policies which meet privacy laws and protect against the latest threats, but of ensuring that a business is capable of demonstrating that its compliance is correctly evidenced in the event of third-party scrutiny.

The DPC found that Meta Platforms failed to have in place appropriate technical and organisational measures which would enable it to readily demonstrate the security measures that it implemented in practice to protect EU users’ data, in the context of the twelve personal data breaches.

Top-ranked in all practice areas in Legal 500 EMEA 2024

Hassans is pleased to announce that it has once again achieved top tier rankings in all areas covered by Legal 500 EMEA for Gibraltar....

Posted on
Read more

Latest Insights

Upcoming compulsory pensions deadlines for Medium, Small and Micro companies

As many employers will be aware, following the enactment of the Private Sector Pensions Act 2019 (“the Act”), which came into force in...

Posted on
Read more

Ethical Gambling Forum 2024

The Ethical Gambling Forum 2024 was held at the Sunborn Hotel, Gibraltar, last week attended by gambling operators and service providers...

Posted on
Read more

Insurance and Reinsurance Comparative Guide

Hassans' Head of Insurance Yvonne Chu has contributed to Lexology's most recent Panoramic Guide relating to Insurance and Reinsurance. ...

Posted on
Read more