Facebook’s German unit was handed a fine of 51 000 euros ($55 500) for failing to nominate a data protection officer for its local office, a penalty privacy regulators said should still serve as a “warning” to others.
While the punishment seems tiny for the social network giant, it targets the German unit and not the “billion-dollar parent company,” the data protection authority in Hamburg, Germany, said in its 2019 annual report published on Thursday.
“This case should be a clear warning to all other companies: naming a data protection officer and telling the regulator about it are duties,” which the data protection authority takes seriously, the watchdog said in the report. “Even smaller violations like these can lead to substantial penalties.”
The penalty was levied under the European Union’s new privacy rules, which took effect in May 2018. The General Data Protection Regulation, or GDPR, gives EU data protection authorities for the first time equal powers to fine companies as much as 4% of global annual sales for the most serious violations of people’s personal data.
Facebook’s “careful and professional handling of the violation” has helped avoid an even higher fine, the watchdog said. The company “immediately” stopped the violation and called for a data protection officer “which was simply not communicated,” the report said.
Facebook didn’t immediately respond to a request for comment.
It’s not the first time the social media giant has been targeted by Europe’s data privacy watchdogs. It’s among the long list of US companies probed by the Irish data protection commission, that also includes Google, Apple and Twitter. A case concerning Facebook’s WhatsApp is slated to be among the first to be concluded.
© 2020 Bloomberg