>
Meta has been hit with a €265 million data protection fine from the Irish Data Protection Commission over claims the company has breached the privacy of its users.
The privacy watchdog claimed that the parent company of Facebook and Instagram had failed to protect the data of more than half a billion users, potentially putting many of those affected at a much higher risk of fraud such as identity theft further down the line.
The news comes after a security researcher revealed that the data of more than 533 million Facebook users from 106 countries, including about 32 million from the US and 11 million from the UK, had been leaked, including phone numbers, dates of birth, email addresses, and locations. .
The regulator, which has authority over Meta because the company has its European headquarters in the country, said in a statement (opens in new tab) that Meta has violated the GDPR obligation for “Data Protection by Design and Default”.
In addition to the massive fine, the regulator’s decision will force Meta to “comply its processing by taking a series of specified corrective actions within a specified time frame.” The option remains for Meta to appeal the fine to an Irish court.
Commenting on the news, a spokesperson for Meta said the company had made changes to its “systems over time, including removing the ability to scrape our features using phone numbers in this way.”
They added: “Unauthorized data scraping is unacceptable and against our rules and we will continue to work with our colleagues on this industry challenge.
Meta is no stranger to high fines from EU regulators. WhatsApp was fined €225 million for transparency violations in September 2021.
In September 2022, Instagram was fined an even bigger fine of 405 million euros for the social media platform’s handling of children’s data.
In March 2022, Meta was fined €17 million by the Irish Data Protection Commission (DPC) over a series of historic data breaches dating back to 2018.