Follow Us on Google News
DUBLIN: Ireland’s Data Protection Commission (DPC) has levied fines of €265 million ($277 million) against Meta, the parent company of Facebook and Instagram, for failing to safeguard the personal data of more than half a billion users of its Facebook service, ramping up privacy enforcement against U.S. tech firms.
This marks the fourth such fine from the DPC since the Fall of 2021.
The fines follow an inquiry initiated by the European regulator on April 14, 2021, close on the heels of a leak of a “collated dataset of Facebook personal data that had been made available on the internet.” This included the personal information associated with 533 million users of the social media platform, including their phone numbers, dates of birth, locations, email addresses, gender, marital status, account creation date, and other profile details.
The fine, as well as a “range of corrective measures,” was levied based on the findings of an inquiry into Meta’s Irish branch, Meta Platforms Ireland Limited (MPIL). The inquiry began in April of 2021 to find out the root cause of a massive data breach that affected over 530 million Facebook users.
Meta acknowledged that the information was “old data” that was obtained by malicious actors by taking advantage of a technique called “phone number enumeration” to scrape users’ public profiles. This entailed misusing a tool called “Contact Importer” to upload a huge list of phone numbers to uncover matches.
Facebook has since removed the ability to use phone numbers to retrieve information via scraping as of August 2019.
The DPC found that Meta violated Article 25 on two points (paragraph 1 and paragraph 2) and reached the decision to fine the social media company on Friday, November 25.
The €265 million fine marks the fourth time since the Irish DPC has fined Meta for GDPR violations since Autumn 2021. Including this ruling, Meta and its subsidiaries have been fined a total of €912 million (roughly US$942 million) by the DPC over the past 14 months. Other fines include a €405 million (~US$418 million) penalty for Instagram’s mishandling of the data of minors.