Ireland’s data regulator on Monday slapped Facebook owner Meta with a 265-million-euro ($275-million) fine after details of more than half a billion users were leaked on a hacking website.
The Data Protection Commission (DPC) said it had reached the decision following a “comprehensive inquiry process, including cooperation with all of the other data protection supervisory authorities within the EU”.
Meta’s European operations are based in Dublin, along with a number of other major global tech companies including Google, Apple and Twitter.
As a result, Ireland’s data protection agency is the lead regulator responsible for holding them to account.
The watchdog found the social media behemoth led by Mark Zuckerberg had breached two articles of the EU’s data protection laws.
In addition to the fine, the DPC said it had “imposed a reprimand and an order” requiring the Facebook owner to “bring its processing into compliance by taking a range of specified remedial actions within a particular timeframe”.
In response to the fine, a Meta spokesperson said the firm had “cooperated fully” with the DPC on the issue.
The tech firm had previously said the data was “scraped” from the site by hackers in 2019, who took advantage of a feature designed to help people easily find friends using contact lists.
“We made changes to our systems during the time in question, including removing the ability to scrape our features in this way using phone numbers,” the spokesperson said.
“Unauthorized data scraping is unacceptable and against our rules and we will continue working with our peers on this industry challenge. We are reviewing this decision carefully,” they added.
– EU fears –
The Irish watchdog launched its probe in April 2021 to determine whether the EU-wide General Data Protection Regulation (GDPR) charter on data rights and the corresponding Irish legislation had been infringed.
Under the GDPR, which came into effect in 2018, social media users have a wider range of rights relating to their data.
The fine follows a landmark decision by the Irish watchdog to fine Meta a record 405 million euros in September after its Instagram platform was found to have breached regulations on the handling of children’s data.
In July 2019, Facebook was fined a record $5 billion by the US federal authorities over its privacy controls in the wake of the Cambridge Analytica scandal.
In September 2021, the DPC also fined WhatsApp — Meta’s instant messaging application — 225 million euros for failing to comply with its transparency rules for data transfers.
And in France, the CNIL national data watchdog fined Facebook 60 million euros in January 2022 for its use of online “cookies”, the digital trackers used to target advertising.
In recent weeks, the European Union has voiced its fears over a fall in standards in data privacy and content moderation amid widespread job losses in the tech sector.
Meta said earlier this month it planned to lay off more than 11,000 staff amid an advertising slump.
The micro-blogging platform Twitter has attracted similar criticisms following its acquisition by Elon Musk in October.
Tech entrepreneur Musk cut around half of Twitter’s 7,500-strong workforce, including many employees tasked with fighting disinformation, when he bought the firm.
Related: Facebook Says Hackers ‘Scraped’ Data of 533 Million Users in 2019 Leak