It is very interesting to hear about fines associated with compliance. I meet with customers all over the world and many don’t take compliance seriously. They know they should do it and make “some” effort, but they tend to weigh other operational goals as a higher priority. This includes violations of data sovereignty as investments in cloud are made, government compliance (for example, CMMC in the USA) and responding to breaches. What is crazy is that even after a breach, compliance sometimes continues to take a backseat to remediation of the breach and its impact on the business.
I find this crazy since remediation may reduce the risk of another breach, but it doesn’t address the blowback of violating the compliance requirements that were put in place to reduce the risk of breaches in the first place. Facebook is experiencing the pain of addressing multiple breaches (well, we hope they did) without addressing how these breaches impact compliance with GDPR. It is likely that they hoped nobody would show up asking how recent breaches relate to their requirements for meeting GDPR, but here we are witnessing an 18.6 million dollar fine!
TheHackerNews posted about this fine HERE. I highly suggest thinking about what compliance you must meet and considering the impact of not meeting those compliance requirements. A publicly known breach can cause compliance enforcers to come knocking at your door. Be mindful of this. Here is that article from The Hacker News:
The Irish Data Protection Commission (DPC) on Tuesday slapped Facebook and WhatsApp owner Meta Platforms with a fine of €17 million (~$18.6 million) for a series of security lapses that occurred in violation of the European Union’s GDPR laws in the region.
“The DPC found that Meta Platforms failed to have in place appropriate technical and organizational measures which would enable it to readily demonstrate the security measures that it implemented in practice to protect EU users’ data, in the context of the twelve personal data breaches,” the watchdog said in a press release.
The decision follows the regulator’s investigation into 12 data breach notifications it received over the course of a six-month period between June 7 and December 4, 2018.
“This fine is about record keeping practices from 2018 that we have since updated, not a failure to protect people’s information,” Meta said in a statement shared with the Associated Press. “We take our obligations under the GDPR seriously, and will carefully consider this decision as our processes continue to evolve.”
The development follows a similar penalty the DPC imposed on WhatsApp, fining the messaging service €225 million in September 2021 for failing to meet its GDPR transparency obligations. Following the ruling, WhatsApp tweaked its privacy policy with regards to how it handles European users’ data and shares that information with its parent, Meta.
Around the same time, the Luxembourg National Commission for Data Protection (CNPD) also hit Amazon with an $886.6 million fine in July 2021 for non-compliance with data-processing laws. Then earlier this year, France fined both Meta and Google for violating E.U. privacy rules by failing to provide users with an easy option to reject cookie tracking technology.