Meta appeal against €265m DPC fine adjourned until after EU decision

10 May 2024

Image: © kovop58/Stock.adobe.com

The fine in question was imposed by the DPC on Meta in November 2022 following a massive data breach that affected more than 500m Facebook users.

An appeal made by Meta against a €265m fine has been adjourned by the High Court until a related case is resolved in the EU courts.

In a judgement published today (10 May), Justice Garrett Simons of the High Court said that the €265m fine imposed by the Irish Data Protection Commission (DPC) in November 2022 will not be legally effective until the EU Court of Justice resolves another appeal made by Meta against a €225m fine imposed by the DPC on WhatsApp.

Simons noted that the corrective measures prescribed in the fine had been complied with by Meta to the satisfaction of the DPC and that there was no ongoing breach of any data subject’s rights.

The fine in question was imposed by the DPC on Meta following a data breach that affected millions of Facebook users.

In April 2021, the DPC commenced an inquiry into Meta after a database of information on 533m Facebook users emerged on a hacking forum. This scraped data included phone numbers, Facebook IDs, names, locations, birthdates and email addresses.

At the time, the DPC said it believed that “one or more provisions” of GDPR and the 2018 Data Protection Act could have been infringed in relation to Facebook users’ personal data.

Now, while the DPC and Meta agree that the fine cannot be paid until domestic proceedings have concluded, Simons noted that there was a disagreement over whether an interim trial could be held in which some of the specific issues could be determined.

Simons said that the issues in the domestic proceedings “cannot sensibly be separated out”.

“This is because the question of liability and sanction are inextricably bound up together. Meta had strongly contended that the conduct complained of did not involve any infringement of the GDPR,” Simons said.

“For example, Meta placed emphasis on the limited categories of information which had been disclosed as a result of the (alleged) infringement. In particular, the point was made that the disclosed material included information which would have been publicly viewable on the affected users’ Facebook profiles.”

Last month, Meta reported that its latest quarterly revenue grew by 27pc compared to last year as its family of apps now has more than 3.2bn daily active users.

Earlier this year, Dr Des Hogan and Dale Sunderland took over as the two new data protection commissioners, replacing outgoing commissioner Helen Dixon.

Find out how emerging tech trends are transforming tomorrow with our new podcast, Future Human: The Series. Listen now on Spotify, on Apple or wherever you get your podcasts.

Vish Gain was a journalist with Silicon Republic

editorial@siliconrepublic.com