Meta Gets Another Penalty

Facebook's successor Meta has received another heavy fine for violating European data protection law. The €265 million (~$275 million) fine was announced by the Irish Data Protection Commission (DPC), the tech giant's chief regulator for the European Union's General Data Protection Regulation (GDPR). The DPC confirmed that Friday's decision records findings of breaches of Articles 25(1) and 25(2) of the GDPR, which focuses on data protection by design and by default. The DPC also stated that it had implemented a number of corrective measures, writing:

Also See: Turkish Startup WeWalk Receives $2.5 Million Investment

The Background of Punishment

The fine came in relation to an investigation opened by the DPC on April 14, 2021, following media reports that the personal data (including email addresses and mobile phone numbers) of more than 530 million Facebook users had been exposed online. At the time, Facebook tried to downplay the breach, claiming that the data circulating online was "legacy data" and that it had fixed the problem that led to the personal data exposure.

The company said it believed the data was scraped from Facebook profiles by "malicious actors" using a communication import feature it offered until September 2019. However, it made tweaks to prevent data misuse by blocking the ability to upload a large set. Facebook used phone numbers to find people who matched their profiles. The DPC confirmed that it looked at the various contact search and import tools the company offered on its platforms between the date of the GDPR's introduction and the date of Facebook's changes in fall 2019.

Here is the Meta Explanation

Protecting the privacy and security of people's data is fundamental to the way our business works. That's why we have cooperated fully with the Irish Data Protection Commissioner on this important issue. During that time, we made changes to our systems, including removing the ability to scrape our properties using phone numbers in this way. The GDPR fine is not the first for Meta and may not be the last.

Just over a year ago, Meta-owned WhatsApp was fined €225 million (~$267 million) for transparency violations. Earlier this fall, Meta-owned Instagram was fined €405 million for violating children's privacy. Meanwhile, in March, the company was also fined approximately $18.6 million for a series of historical Facebook data breaches.