Meta had already racked up a majority of the largest GDPR penalties handed out to tech giants so the latest sanction merely underscores the scale of its problems with privacy compliance.

The penalty is notably stiffer than a €17M fine the DPC handed to Meta in March 2022 over a 2018 security breach. The Irish regulator has had a change of senior management since then. However the two incidents are also different: Meta’s earlier security lapses affected up to 30 million Facebook users compared to the hundreds of millions whose passwords were said to have been exposed as a result of its failure to secure passwords in 2019.