Irish data protection office fines Facebook parent Meta 265m euros over 2019 data leak, adding up to 1bn euros in fines over past 18 months
Ireland’s data protection office on Monday fined Facebook parent Meta some 265 million euros (£228m) for failing to secure the data of hundreds of millions of users from being published online.
The fine follows a fine of 405m euros the Irish Data Protection Commission (DPC) levied in September for Meta’s handling of young users’ privacy settings on Instagram and means Meta has been fined nearly 1bn euros by EU regulatory bodies in the past 18 months.
The fine follows a DPC probe that began in April 2021 into the publication of data on 533 million Facebook users from 106 countries, which appeared on a hacking forum last year.
The data included names, phone numbers, email addresses, locations and other personal data.
A vulnerability in a tool designed to allow users to import contacts from their phones onto the Facebook or Instagram app had allowed third parties to obtain the data through a process called scraping, Meta said at the time.
The data included information on sitting judges, prison officers, social workers, journalists and others, the DPC said.
Meta initially downplayed the breach, saying it involved “old” data from 2019 and that it had fixed the scraping issue in August of that year.
But the DPC said Meta had failed to comply with GDPR obligations of “data protection by design and default.”
It said other data protection authorities in the EU “agreed with the decision of the DPC”.
The Irish regulator often takes the lead on probes into Meta because the company’s European headquarters is in Dublin.
Meta said it would review the DPC’s decision and has not yet decided whether to appeal.
“Unauthorised data scraping is unacceptable and against our rules,” the company added.
Last year the DPC fined Meta’s WhatsApp 225m euros for failing to provide details of how it shares EU users’ data with its parent company. The DPC fined Meta 17m euros for 12 separate data breaches in addition to the 405m euro Instagram fine.
At the beginning of this month Meta laid off more than 11,000 staff amidst a staff restructure following a decline in revenues and stiff competition from the likes of TikTok.
Meta’s net income fell to $6.69bn (£5.5bn) for the April-June period, down 36 percent from $10.39bn for the same period a year earlier, its first-ever revenue decline.
The decline for the third quarter was even more marked, with net income for the three months to 30 September coming to $4.3bn, down 52 percent from $9.1bn a year earlier.