Ireland’s data privacy regulator has fined Meta 265 million euros ($277 million) bringing the total it has fined Meta to nearly 1 billion euros.
The penalty resulted from an investigation, started in April 2021, related to the discovery of a collated dataset of Facebook personal data that had been made available online. Facebook was also ordered to make a range of corrective measures. The fine is for failing to prevent hackers from accessing personal information from more than 500 million Facebook users in a 2019 data leak.
The DPC said it would additionally be imposing a range of corrective measures.
“The decision imposed a reprimand and an order requiring MPIL [Meta Platforms Ireland Limited] to bring its processing into compliance by taking a range of specified remedial actions within a particular timeframe.”
Monday’s fine is fourth Ireland’s Data Privacy Commissioner (DPC) has levied against one of Meta’s companies. In September the watchdog fined Instagram a record 405 million euros, which Meta plans to appeal.
Since the fall of 2021, Ireland regulators have hit Meta with 912 million euros in fines, going after the social media giant and its subsidiaries, Instagram and WhatsApp, for alleged violations of Europe’s General Data Protection Regulation (GDPR)
The DPC regulates Apple, Google, Tiktok and other technology giants due to the location of their EU headquarters in Ireland. It currently has 40 inquiries open into such firms, including the 13 involving Meta.
The Irish regulator said in a statement that other relevant EU regulators agreed with the decision.
“There was a comprehensive inquiry process, including cooperation with all of the other data protection supervisory authorities within the EU. Those supervisory authorities agreed with the decision of the DPC.”
Meta issued a statement saying:
“Protecting the privacy and security of people’s data is fundamental to how our business works. That’s why we have cooperated fully with the Irish Data Protection Commission on this important issue. We made changes to our systems during the time in question, including removing the ability to scrape our features in this way using phone numbers. Unauthorised data scraping is unacceptable and against our rules and we will continue working with our peers on this industry challenge. We are reviewing this decision carefully.”