Meta fined €265mn over Facebook data breach by Irish watchdog
What's the story
Last year, over half a billion Facebook users' personal information was leaked online courtesy of a data breach. The issue was investigated by Ireland's Data Protection Commission (DPC). The watchdog has now decided to levy a €265 million fine on the social media giant for violating European privacy laws. This is the fourth time Facebook parent Meta has been fined by the same regulator.
Context
Why does this story matter?
Ireland plays an important role in the implementation of European privacy laws. The country is home to the European headquarters of tech giants such as Apple, Meta, Google, Twitter, and TikTok, and hence responsible for keeping an eye on them. The hefty fines imposed on Meta will provide a reality check of the current security measures and what more needs to be done.
Breach
Email addresses and phone numbers of users were exposed
The Facebook data leak that exposed the personal information of 533 million users was a result of data scraping. It happened in 2019 due to a vulnerability. The data leaked included the email addresses, phone numbers, full names, birthdates, and bios of users. Last year, the same dataset emerged on a hacking website for free. DPC began its investigation after the 2021 incident.
Investigation
Meta violated the provisions of GDPR: DPC
The DPC investigation involved examining whether Facebook complied with Europe's General Data Protection Regulation (GDPR) laws. GDPR is a set of regulations that mandates organizational and technical measures that need to be taken by a company to protect user data. According to DPC, Meta violated the enforced provisions. It submitted its draft decision last month to its EU counterparts.
Fine
DPC can impose fine up to 4% of global revenue
The DPC has imposed a hefty penalty of €265 million (around $275 million) for the data breach. The commission took into account the actions taken by Meta to combat data scraping. In its decision, the DPC said that those actions were considered mitigating factors. DPC has the power to impose a fine of up to 4% of a firm's global revenue.
Other actions
DPC imposed a $402mn fine on Instagram this year
This is the fourth time the DPC has imposed a penalty on a Meta company. In March, it fined $18.6 million on Meta for bad record-keeping related to a series of data breaches in 2018. Instagram was slapped with a $402 million fine for mishandling teenagers' data in September. Last year, WhatsApp was fined $267 million for violating data privacy laws.