Meta was fined 265 million euros by Ireland

Meta, the parent company of Facebook, was fined 265 million euros by the Irish Data Protection Commission (DPC) today, mainly because the personal information of hundreds of millions of Facebook users was leaked to the Internet.

In April 2021, the personal data of about 533 million Facebook users was leaked onto the Internet, including information such as the user's name, phone number, and email address. The DPC then launched an investigation.

Facebook said at the time that the data breach was a simple data theft rather than a system being hacked. The incident occurred before September 2019, when malicious actors exploited a vulnerability in Facebook's sync contacts tool to steal the data. After discovering the problem, Facebook quickly fixed the vulnerability.

As part of the investigation, the DPC examined and evaluated Facebook Search, Facebook Messenger Contact Importer, and Instagram Contact Importer. The findings revealed that Meta violated Article 25 of the European Union's General Data Protection Regulation (GDPR).

DPC Data Protection Commissioner Helen Dixon said,

because of the scale of the breached data and the fact that similar data breaches have occurred on the Facebook platform before, we have decided to impose significant sanctions on Meta. The risk of fraud, spam, SMS scams, phishing, and loss of control of personal data is considerable, so we fined Meta a total of 265 million euros."\

In addition to the fine, the DPC also requires Meta to take a series of specific remedial actions within a specified time to bring its data processing into compliance.

A spokesman for Meta said the company was carefully evaluating the DPC's decision.

In September of this year, the DPC also imposed a fine of 405 million euros on Meta's social platform Instagram, mainly because of improper handling of teenage user data. Subsequently, Meta appealed to the court.

Meanwhile, Dixon said today that her office is also concerned about Twitter's recent layoffs. Regulators in Europe and the United States have previously expressed similar concerns, saying Twitter's layoffs could affect its ability to meet its regulatory obligations.

Dixon said, we're concerned about this and we're in close contact with Twitter. We've had a number of public inquiries with Twitter.

The DPC is Meta's main EU regulator because Meta's European headquarters are in Ireland.