Meta fined €265m over data protection breach that hit more than 500m users

Facebook, Instagram and WhatsApp owner has been fined nearly €1bn by EU since September 2021

Facebook’s owner has been fined €265m (£230m) by the Irish data watchdog after a breach that resulted in the details of more than 500 million users being published online.

The Data Protection Commission (DPC) said Meta had infringed two articles of the EU’s data protection laws after details of Facebook users from around the world were scraped from public profiles in 2018 and 2019.

The data appeared on a hacking website last year, prompting an investigation by the DPC, which is responsible for regulating Meta across the EU. The watchdog said a “significant” number of the users were from the EU.

In addition to the fine, it “imposed a reprimand and an order” requiring Meta to “bring its processing into compliance by taking a range of specified remedial actions within a particular timeframe”.

In a statement Meta said: “We made changes to our systems during the time in question, including removing the ability to scrape our features in this way using phone numbers. Unauthorised data scraping is unacceptable and against our rules.”

The punishment brings the total amount of fines imposed on Meta by the DPC to nearly €1bn since September last year. In September Meta was fined €405m for letting teenagers set up Instagram accounts that publicly displayed their phone numbers and email addresses, while in March the watchdog fined Meta €17m for further GDPR breaches and in September last year it fined Meta’s WhatsApp €225m over “severe” and “serious” infringements of GDPR.

However, one legal expert questioned whether strong enforcement of the EU’s General Data Protection Regulation would have the deterrent effect that it intended.

“By any measure, these are significant fines,” said David Hackett, head of data protection in the Ireland office of law firm Addleshaw Goddard. “GDPR envisaged the imposition of such fines in part to serve as a deterrent to other companies which might consider breaching the law. We are likely to see increased debate about whether such fines actually influence corporate behaviour or if some companies simply see them as an added cost of doing business.”

The DPC regulates Apple, Google, TikTok and other technology platforms owing to the location of their EU headquarters in Ireland. It currently has 40 inquiries open into such companies, including 13 involving Meta.

The Irish regulator said in a statement that other relevant EU regulators agreed with the decision issued on Monday after it shared a draft ruling with them last month under the bloc’s “one-stop shop” system of regulating large multinationals.


Dan Milmo and agencies

The GuardianTramp

Related Content

Article image
Instagram owner Meta fined €405m over handling of teens’ data
Penalty follows investigation into Instagram setting that allowed teenagers to set up accounts that displayed contact details

Dan Milmo Global technology editor

05, Sep, 2022 @5:34 PM

Article image
Meta dealt blow by EU ruling that could result in data use ‘opt-in’
Irish regulator fines Facebook owner €390m after EU rejects argument for use of data to drive personalised ads

Dan Milmo Global technology editor

04, Jan, 2023 @6:16 PM

Article image
EU data watchdog raises concerns over Facebook integration
Irish commission that regulates site requests urgent briefing on platforms merger

Alex Hern

28, Jan, 2019 @5:40 PM

Article image
Facebook and Google targeted as first GDPR complaints filed
Users have been forced into agreeing new terms of service, says EU consumer rights body

Alex Hern

25, May, 2018 @12:57 PM

Article image
Lawsuit aiming to break up Facebook group Meta can go ahead, US court rules
The Federal Trade Commission wants to force sale of Instagram and WhatsApp

Dan Milmo Global technology editor

12, Jan, 2022 @11:53 AM

Article image
Facebook owner Meta to sack 11,000 workers after revenue collapse
Mark Zuckerberg says firm overinvested at start of Covid, adding ‘I got this wrong’

Alex Hern UK technology editor

09, Nov, 2022 @12:55 PM

Article image
Can I move my data to the EU before Google shifts it to the US?
Post-Brexit, Sean wants to keep his data protected by the EU’s GDPR rather than laxer US privacy laws

Jack Schofield

27, Feb, 2020 @9:15 AM

Article image
Facebook faces $1.6bn fine and formal investigation over massive data breach
Irish data regulator could penalize the social network after hack of nearly 50m accounts

Olivia Solon in San Francisco

03, Oct, 2018 @9:12 PM

Article image
UK regulator to write to WhatsApp over Facebook data sharing
Information commissioner says the chat app committed in 2017 not to share contact and user information

Alex Hern Technology editor

26, Jan, 2021 @4:38 PM

Article image
Russia to block Instagram after Meta relaxes stance on Putin hate speech
Russia says social media platform has been used to incite ‘mass riots accompanied by violence’

Andrew Roth

11, Mar, 2022 @11:56 PM