Meta fined €265 million over Facebook data breach

Facebook’s parent company, Meta, has been hit with yet another hefty fine of €265 million ($277 million) by the Irish Data Protection Commission (DPC), the tech giant’s lead regulator for the European Union’s General Data Protection Regulation (GDPR).

Meta was penalized for failing to stop the online scraping and dumping of sensitive information of millions of Facebook users.

In September, following a €405 million ($402 million at the time) penalty for mishandling children’s privacy settings on Instagram, the Irish Data Protection Commission fined the tech corporation twice in recent months. In total, Meta has accrued fines of roughly €1 billion in just the last 18 months.

In reaction to the exposure of the personal data of over 530 million Facebook users, including phone numbers, birth dates, email addresses, and other details, the DPC opened this penalty issue.

At the time, Meta attempted to downplay the breach by asserting that the information discovered was outdated and that it was likely obtained by “malicious actors” using a contact importer feature that it had provided up until September 2019 before making changes to prevent data abuse.

It further asserted that the problem that caused the exposure of personal data had been resolved. Even though the company stated it would examine the DPC Ireland decision, the Ireland regulator asserted that it did not adhere to the GBPR data obligation.

This is not the first time the corporation has been fined; over the years, its subsidiary companies have also been penalised.

Last year, the DPC fined Meta’s WhatsApp €225 million ($267 million) for not providing details of how it shares European Union users’ data with Facebook. It was also hit with a €17 million ($18.6 million) fine over 12 separate data breaches.

Read Also: Mark Zuckerberg explains why Meta sacked over 11000 employees

What did Meta say

Seeking on this matter, according to TechCrunch, Meta said in a statement,

Protecting the privacy and security of people’s data is fundamental to how our business works. That’s why we have cooperated fully with the Irish Data Protection Commission on this important issue. We made changes to our systems during the time in question, including removing the ability to scrape our features in this way using phone numbers. Unauthorised data scraping is unacceptable and against our rules and we will continue working with our peers on this industry challenge. We are reviewing this decision carefully.

The company also said that since this breach, it had implemented several efforts to stop data scraping, including enforcing rate limitations, installing technical tools to stop suspicious automated activity, and giving customers controls to limit the public display of their data.

This penalty might not be the last for the tech company as the DPC is also looking into many other facets of Meta’s operation, including a lengthy investigation into the legal justification for processing personal data that stretches back to 4.5 years.