Facebook and its parent company Meta have been assessed with fines in excess of $277 million for violating user privacy statutes by the Data Protection Commission of Ireland according to a DPC statement dated Nov. 28.
The Irish authorities indicated that their investigation found the social media giant failed to appropriately safeguard user data against the possibility of being “scraped,” through which names, phone numbers, birth dates, email addresses, locations, and other customers’ proprietary information are leaked.
According to the statement, “The DPC commenced this inquiry on 14 April 2021, on foot of media reports into the discovery of a collated dataset of Facebook personal data that had been made available on the internet. The scope of the inquiry concerned an examination and assessment of Facebook Search, Facebook Messenger Contact Importer and Instagram Contact Importer tools in relation to processing carried out by Meta Platforms Ireland Limited (‘MPIL’) during the period between 25 May 2018 and September 2019. The material issues in this inquiry concerned questions of compliance with the GDPR obligation for Data Protection by Design and Default. The DPC examined the implementation of technical and organisational measures pursuant to Article 25 GDPR (which deals with this concept).”
The collated dataset the statement refers to held data on over 533 million users worldwide according to The Associated Press.
AP reports that Meta claims to have “cooperated fully,” with the Irish Authorities.
“We made changes to our systems during the time in question, including removing the ability to scrape our features in this way using phone numbers,” Meta said in a statement. “Unauthorized data scraping is unacceptable and against our rules.”
This latest fine is just one in a series of them assessed to Facebook’s parent company in the last year or so, with the AP reporting the DPC fining them over $419 million in September for Instagram’s violations finding “the platform mishandled teenagers’ personal information”, $17.5 million in March for its handling of a dozen data breach notices and last year fined them for WhatsApp’s violations sharing data internally to other Meta companies to the tune of $232 million.
All told, the fines levied by the Irish Data Protection Commission have tallied to approximately $945 million.
Following the news of the fine, Meta’s stock fell to a 5-day low of $108.47 per share.