Facebook parent company fined 265 million euro by Irish data watchdog

Meta has been hit by almost one billion euro in fines by the Data Protection Commission in the past 18 months over EU data breaches.
Facebook CEO Mark Zuckerberg leaving The Merrion Hotel in Dublin (Niall Carson/PA)
PA Archive
Michelle Devane28 November 2022

Tech giant Meta has been fined 265 million euro by Ireland’s data protection watchdog for breaching EU data privacy laws.

The Data Protection Commission (DPC) issued the sanction against the Facebook parent company for failing to protect millions of Facebook users’ personal data, such as telephone numbers and email addresses, from being “scraped” and published on the internet.

In a statement on Monday the DPC said Meta had been fined for “infringement” of sections of the EU’s GDPR rules that cover technical and organisational measures aimed at protecting user data.

It brings the total fines issued against by Meta in the past 18 months to more than 900 million euro.

The latest investigation by the DPC into Meta began in April last year “on foot of media reports into the discovery of a collated dataset of Facebook personal data that had been made available on the internet”.

The data, which was found on a website for hackers, included names, phone numbers, locations, birthdates and email addresses of Facebook users.

Meta said the data had been “scraped” from Facebook.

In a statement Meta said: “We made changes to our systems during the time in question, including removing the ability to scrape our features in this way using phone numbers.

“Unauthorised data scraping is unacceptable and against our rules.”

The DPC said: “The scope of the inquiry concerned an examination and assessment of Facebook Search, Facebook Messenger Contact Importer and Instagram Contact Importer tools in relation to processing carried out by Meta Platforms Ireland Limited (MPIL) during the period between 25 May 2018 and September 2019.

“The material issues in this inquiry concerned questions of compliance with the GDPR obligation for Data Protection by Design and Default.

“The DPC examined the implementation of technical and organisational measures pursuant to Article 25 GDPR (which deals with this concept).”

The DPC said after a “comprehensive inquiry process” that it had “recorded findings of infringement of Articles 25(1) and 25(2) GDPR”.

It ordered Meta to take remedial action to ensure “scraping” does not happen again.

“The decision imposed a reprimand and an order requiring MPIL to bring its processing into compliance by taking a range of specified remedial actions within a particular timeframe,” a statement from DPC said.

“In addition, the decision has imposed administrative fines totalling 265 million euro on MPIL.”

The fine was agreed with other EU data regulators.

There have been increasing calls to better resource Ireland’s DPC, which is the de facto lead EU watchdog of data protection and privacy rules due to a large number of tech multinationals – including Facebook, Apple and Google – basing their European headquarters in Dublin.

In July, the Irish Government announced that two additional data protection commissioners would be hired, and that the current commissioner, Helen Dixon, would be promoted to chairwoman of the DPC.

It said that this was being done in response to “the increased working burden and investigative complexity has been regularly highlighted”.

The Irish watchdog issued a 405 million euro fine to Meta-owned Instagram in September over the way in which it handled teenagers’ personal data, making it the largest fine the authority has ever issued.

Instagram said it would appeal against the decision.

In March the regulator also issued a fine of 17 million euro against Facebook for breaching EU privacy laws.

Last year Meta-owned messaging service WhatsApp was hit with a fine of 225 million euro by the DPC for breaching European Union laws on transparency, and the sharing of user information with other companies owned by Facebook.

Create a FREE account to continue reading

eros

Registration is a free and easy way to support our journalism.

Join our community where you can: comment on stories; sign up to newsletters; enter competitions and access content on our app.

Your email address

Must be at least 6 characters, include an upper and lower case character and a number

You must be at least 18 years old to create an account

* Required fields

Already have an account? SIGN IN

By clicking Create Account you confirm that your data has been entered correctly and you have read and agree to our Terms of use , Cookie policy and Privacy policy .

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged in