December 1, 2022
Meta Platforms has been fined $275 million for violating European Union privacy rules, the result of a 2021 data leak that led to the online publication of personal information belonging to 500 million Facebook users. The penalty is the latest imposed on Meta by Ireland’s Data Protection Commission, which in September imposed a $400 million penalty on Instagram for mishandling children’s data. In October 2021, the same regulator fined Meta $235 million for violations by its WhatsApp messaging service. In total, Irish authorities have imposed penalties of more than $900 million on Meta in the past two years.
“The accumulating penalties will be a welcome sign to privacy groups that want to see European Union regulators more aggressively enforce the General Data Protection Regulation,” a law that took effect in 2018 but has triggered blowback against regulators for weak enforcement, according to The New York Times.
Enforcement has fallen largely on Ireland because companies including Meta, Google and Twitter established EU headquarters there. TikTok, which also located its EU hub in Ireland, “is the subject of another investigation there,” NYT reports.
The current Meta fine, issued Monday, was triggered by reports that Facebook data was “scraped” for users’ personal information by an online hacker forum that published users’ names, birth dates, locations and other details in violation of EU rules requiring companies establish reasonable safeguards preventing such privacy violations.
Meta has not indicated whether it will appeal this latest decision, as it did the WhatsApp and Instagram fines.
“Meta is not the only tech giant facing scrutiny. Last year, Amazon was fined nearly €750 million over its online advertising practices by regulators in Luxembourg, where it has its European headquarters,” reports NYT, adding that “in January, Google was fined €150 million by French regulators because users were not given an adequate way to decline so-called cookie trackers used by online advertisers to trace a person’s Internet browsing history.”
In a statement to NYT, Meta said “unauthorized data scraping is unacceptable and against our rules.” At the time of the Facebook scraping, Meta “said malicious actors had abused its contact importer tool to match known phone numbers against the profiles of Facebook users before harvesting additional information from their profiles,” CNN reports.
The company is emphasizing technology updates designed to thwart such infractions. “We made changes to our systems during the time in question, including removing the ability to scrape our features in this way using phone numbers,” Meta said in a statement reprinted by CNN.
On a related note, a data breach potentially affecting the non-public information of some 5.4 million Twitter users in Europe and the U.S. has also been discovered. “The data was reportedly stolen using an API vulnerability and shared for free on a hacker forum,” reports Forbes, noting that “though the vulnerability has reportedly been fixed, another massive, even potentially more significant data dump of millions of Twitter records has also been disclosed by security researchers.”