Meta fined US$275 million following enquiry into April 2021 data leak
The data leak saw the personal information for 553 million accounts posted to the dark web
Add bookmarkIreland’s Data Protection Commission (DPC) has announced it will be imposing a €265mn (US$275mn) fine and “a range of corrective measures” on Meta Platforms Ireland Limited (MPIL), owner and operator of social media site Facebook, after an investigation into suspected data scraping on the site.
Data-scraping refers to a technique that locates and extracts information from a source, like a social media site, and deposits it in a database.
The inquiry was commenced on April 14 2021, after a data leak saw the personal data of 553 million Facebook users published to the internet. The Facebook IDs, names, dates of birth, locations, bios and in some cases email addresses of the affected accounts were made publicly available via a post on the dark web.
The DPC said the inquiry was concerned with “questions of compliance with the GDPR obligation for data protection by design and default”. These cybersecurity techniques put considerations of user or customer privacy and data protection at the forefront of software development.
Data protection by design embeds data privacy and protection features at the design phase, while data protection by default ensures that only solutions that are automatically data protection friendly are used to create user service settings. Under Irish GDPR laws, companies are obligated to use both these techniques when planning projects.
It was on this basis that MPIL was investigated by the DPC alongside all other EU data supervisory authorities.
The DPC announced on November 25 that it had found that Meta had committed “infringement of Articles 25(1) and 25(2) GDPR”, meaning that the site had not followed its obligations to include data protection by design and default in Facebook’s design.
As a result of this, the commission said that it had “imposed a reprimand and an order requiring MPIL to bring its processing into compliance by taking a range of specified remedial actions within a particular timeframe”, a decision that “imposed administrative fines” of €265mn (US$275mn) on the company itself. This decision was backed by the data supervisory authorities across the EU.
The news of the fine comes days after it was reported that Meta had allegedly fired employees for breaking its terms of service and hijacking user accounts on the behalf of hackers.