Meta has been hit with a €265 million data protection fine by the Irish Data Protection Commission for claiming the company has violated the privacy of its users.
The privacy watchdog has alleged that the parent company of Facebook and Instagram has failed to protect the data of more than 500 million users, which could leave large numbers of people at much greater risk of fraud such as identity theft later.
The news comes after a security researcher revealed that the data of more than 533 million Facebook users from 106 countries had been leaked, of which around 32 million were from the US and 11 million from the UK, which included phone numbers, dates of birth, emails. and locations.
The regulator, which has authority over Meta because the company has its European headquarters in the country, said in a statement (opens in a new tab) that Meta breached the GDPR obligation to "protect data by design and by default." ».
In addition to the huge fine, the regulator's decision will require Meta to "bring its processing into compliance by taking a series of specific corrective actions within a specified time frame." Meta still has the option of appealing the fine in an Irish court.
Commenting on the news, a Meta spokesperson said the company had made changes to its "systems during the time in question, including removing the ability to scrape our features in this way using phone numbers."
They added: “Unauthorized data scraping is unacceptable and against our rules and we will continue to work with our peers on this industry challenge.
Meta is no stranger to huge fines from EU regulators. WhatsApp was fined 225 million euros for breach of transparency in September 2021.
In September 2022, Instagram was hit with an even larger €405 million fine related to the way the social media platform handled data belonging to children.
In March 2022, the Irish Data Protection Commission (DPC) fined Meta €17 million for a series of historical data breaches dating back to 2018.