Meta Fined $275 Million In Facebook Data Scrape

Meta is ordered to pay a hefty fee after the personal data of an estimated 500 million Facebook users was harvested and posted to a hacking forum, according to a Law360 report. The parent company of Facebook was fined a total of $275 million by the Irish Data Protection Commission (DPC), a lead regulation agency for Europe's General Data Protection Regulation (GDPR). 

The DPC first launched an investigation into the suspected privacy breach in April of last year. According to a report from Business Insider at the time of the breach, loopholes in contact importing tools for Facebook and Instagram, as well as the social media platform's search feature, made user data vulnerable to exposure, including phone numbers, locations, dates of birth, and email addresses. The information, tying back to hundreds of millions of Facebook users, was shared in a hacking forum. Facebook had said at the time that the vulnerability causing the breach was fixed, says BI.

DPC fine includes order of 'a range of collective measures'

After finding Facebook guilty of General Data Protection Regulation code violations, the Data Protection Commission issued a reprimand and ordered the company, specifically Meta Platforms Ireland Limited, to work on improving the compliance of its data protection and privacy measures. A November 28 press release from the DPC states that Meta needs to take "a range of specified remedial actions within a particular timeframe" in order to stay within the bounds of that compliance. 

The DPC added in the release that all other data security regulators within the European Union agreed with the verdict, the reprimand, and the fine. DPC deputy commissioner Graham Doyle said that Meta has three months to comply with the DPC's order, per TechCrunch, which also cited Meta's response statement where the tech giant says it will be "reviewing [the DPC's] decision carefully." This decision, though, was not the regulation agency's first regarding Meta. WhatsApp and Instagram, both names under the Meta umbrella, have been recently fined a couple hundred million apiece for privacy and transparency infractions, says TechCrunch, and a number of Meta investigations by the European Union data privacy regulators are still ongoing.