Ireland’s Data Protection Commission (DPC) on Monday imposed a €265 million ($277 million) fine on Facebook parent Meta for failing to prevent hackers from stealing the personal information of around 533 million Facebook users in a data breach that occurred in 2019.
The DPC is Meta’s lead privacy regulator within the European Union (EU), and has been conducting 13 more enquiries into the social media giant business practices.
In April 2021, Irish regulator launched an enquiry into the Facebook data leak, which exposed the personal details of about 533 million users from more than 100 countries.
The countries worst hit by the leak included Egypt (44 million records), Tunisia (39 million), the USA (32 million) and the UK (11 million). User data that was exposed included full names, phone numbers, gender, date of birth, location, relationship status and email address.
The DPC said it believed the leak might have violated one or more provisions of the EU’s General Data Protection Regulation (GDPR) and/or the Data Protection Act 2018.
Facebook said that the leak was related to an ‘old’ bug that was fixed by 2019 and that malicious actors had scraped the data using Facebook’s contact importer tool before September 2019. Scraping is the practice of using automated software to extract public information from the internet, which is subsequently distributed in online forums.
As part of its enquiry, the DPC evaluated the Facebook Search, Facebook Messenger Contact Importer and Instagram Contact Importer tools in regard to processing carried out by Meta between May 25, 2018 and September 2019.
The DPC has now concluded that Meta violated both Article 25(1) and Article 25(2) of the GDPR rules.
In addition to the financial penalty, Meta has also received a reprimand and an order directing it to bring its processes into conformity by completing a number of certain corrective measures within a particular timeframe.
“Because this data set was so large, because there had been previous instances of scraping on the platform, where the issues could have been identified in a more timely way, we ultimately imposed a significant sanction,” Data Protection Commissioner Helen Dixon said.
“The risks are considerable for individuals in terms of scamming, spamming, smishing, phishing and loss of control over their personal data so we imposed a fine of €265 million in total.”
The Irish regulator said that other relevant EU authorities concurred with the conclusion made on Monday, following its sharing of a draft judgement with them last month.
A Meta spokesperson said that the company was carefully reviewing the Irish regulator’s decision.
“We made changes to our systems during the time in question, including removing the ability to scrape our features in this way using phone numbers,” the spokesperson said.
“Unauthorised data scraping is unacceptable and against our rules and we will continue working with our peers on this industry challenge.”
This is the fourth financial penalty issued against one of Meta’s firms by Ireland’s DPC.
In September, the watchdog fined Meta’s Instagram subsidiary a record-breaking €405 million.
Because Apple, Google, and other tech giants have chosen to locate their EU headquarters in Ireland, the DPC is the regulatory body that oversees them. The regulator currently has 40 investigations open into such companies.
Pixabay via Pexels
"*" indicates required fields
Software Asset Management is a business practice that involves managing and optimising the life cycle of software within an organisation.
Software asset management is relevant to many facets of a business - take a look at some of the roles that it can form part of the focus of.
Software vendors come in all shape and sizes - all with their own set of licensing models and rules. We take a look at just a few of them.
As a constantly evolving subject, SAM is not without its challenges. We take a look at some of the most common ones.
Wondering what an investment in SAM could do for your business? Fill out a few details and find out what return you could get!
Answer a few questions about your SAM infrastructure & experience, and we'll put together a personalised recommendation for the future.
A simple health check of what's being used across your Office 365 estate in this FREE, Microsoft backed and easy to setup review.
Just like you would with your vehicle each year, get an annual check up of your software asset management programme.
Overwhelmed by the task of documenting the steps for a successful SAM programme? Get the experts in to help!
Concerned your SAM tools aren't covering your whole estate? Or on the look out for an entirely new tool? Get us in to assist.
Not content with covering all things SAM related, we've teamed up with Capital to provide a comprehensive hardware asset management review.
A simple, one-time reconciliation of the software you have deployed versus the licence entitlement you own.
A regularly scheduled analysis of your organisation's estate, specifically adapted to your needs and budget.
A full appraisal of your Microsoft 365 setup and how best to optimise it through automated recommendations.
An add-on to our SAMplicity One, MOT and Plus offerings, quickly diagnose your ability to migrate your resources to the cloud.
In collaboration with law firm Addleshaw Goddard, ensure the legality of your SAM programme and get assistance with any contract disputes.
Available as standard with SAMplicity Plus, ensure you're compliant if you're unexpectedly audited by a vendor.
We've teamed up with some of the forefront experts in licensing knowledge so you can teach yourself to be an expert too.
Stumped by the continually evolving complexities of SAM? Join us for one of our comprehensive courses, either in-person or online.
It’s chock full of useful advice, exclusive events and interesting articles. Don’t miss out!