"Meta has received an $18.6m (€17m) fine"
Once again, coffee money. Penalties of this nature and order are just a cost of 'doing business'. Real enforcement would require monitored and audited change of behaviour with criminal sanctions for failure to comply. The biggest problem with data protection law is that it's penalties are administrative only and therefore have no real teeth, as has been seen in the many cases where the offending organisation has negotiated its penalty downward, or even failed to pay up without further penalty.