The Penalty Is the Third-Largest Under the EU’s GDPR Data Law
Meta Platforms failed to prevent the disclosure of personal data belonging to more than half a billion Facebook users. This resulted in a fine of €265 million ($277 million).
The Irish Data Protection Commission is Meta’s primary privacy watchdog in Europe. Its investigation made it clear that the social media company failed to implement adequate safeguards. These are mandated by the bloc’s broad General Data Protection Regulation. Hence the Irish DPC fined the social media company.
Monday’s decision is the third time Ireland has imposed financial penalties on Meta and its subsidiaries in a privacy case over the past 15 months, bringing the total fines to more than $900 million. Instagram’s handling of child privacy and WhatsApp’s transparency on how it manages user data are recent instances involved as well.
The company will analyze the fine. According to a Meta representative, it has not yet decided whether to appeal.
Fine Follows the Hacker’s Publishing of User Data
The fine is related to the spring 2021 hacker leaking more than 530 million Facebook users’ phone numbers and other profile data. Meta responded by saying the data came from a massive “scraping” of public profiles it had identified and stopped in 2019.
At the time, the company had the name Facebook. According to their official statement, the hackers exploited Facebook’s app called “Contact Importer” and uploaded many phone numbers of the service’s users to see if any matched. The firm said that as of 2019, it had no longer allowed users to scrape its services using phone numbers.
EU Tightens Regulation of Big Tech
Regulating large tech firms is becoming more stringent in the EU. Two new laws regulating big tech firms have been approved and are now being implemented by the union. One of them limits potentially anticompetitive conduct, and the other one requires demonstrating robust content-moderation systems.
According to tech firms, they are presently in talks with the European Commission, the EU’s executive body, to establish which provisions of each new legislation will apply to their particular services. By the middle of next year, parts of the new regulations will be in effect.
The General Data Protection Regulation, or GDPR, has been implemented for over five years. But it is only now causing significant fines and economic impacts.
Ireland’s data protection authority claims it is investigating multiple big tech firms in numerous new instances. One example examines whether some of the conventional plumbing of digital-ad auctions comply with EU law. Another one investigates whether Meta may compel consumers to accept advertisements directed at them based on their behavior.