Irish Data Protection Commission Fines Meta Again

  Rassegna Stampa, Social
image_pdfimage_print

Meta was hit with a fine of 265 million euros (roughly $275 million) by the Irish Data Protection Commission, the company’s lead regulator for the European Union’s General Data Protection Regulation, over an incident last year in which personal data from more than 530 million Facebook users was exposed online.

The DPC also imposed a range of corrective measures.

The regulator fined Meta $402 million in September for violations of the EU’s privacy laws protecting children online, including the default setting being set to public for users 13 through 17 and letting people that age operate business accounts, which reveal their email addresses and phone numbers.

Meta said in a statement, “Protecting the privacy and security of people’s data is fundamental to how our business works. That’s why we have cooperated fully with the Irish Data Protection Commission on this important issue. We made changes to our systems during the time in question, including removing the ability to scrape our features in this way using phone numbers. Unauthorized data scraping is unacceptable and against our rules, and we will continue working with our peers on this industry challenge. We are reviewing this decision carefully.”

The DPC said in a release that it began its inquiry April 14, 2021, following media reports on the breach, in which personal data including email addresses and mobile phone numbers for more than 530 million Facebook users were exposed online.

Facebook said at the time that the data in question was old data, and the issue had been fixed, adding that the data was scraped from its platform by malicious actors using a contact importer feature that it had offered up to September 2019.

The DPC wrote, “There was a comprehensive inquiry process, including cooperation with all of the other data protection supervisory authorities within the EU. Those supervisory authorities agreed with the decision of the DPC.

In addition to the fine, Meta was ordered to “bring its processing into compliance by taking a range of specified remedial actions within a particular timeframe.”

Enjoying Adweek’s Content? Register for More Access!

https://www.adweek.com/media/irish-data-protection-commission-fines-meta-again/