Meta hit with huge fine for leaking user data

judge hammer
(Image credit: Pixabay)
Audio player loading…

Meta has been hit with a €265 million data protection fine from the Irish Data Protection Commission over claims the firm let down its users' privacy.

The privacy watchdog alleged that the Facebook and Instagram parent company had failed to protect the data of more than half a billion users, potentially leaving a huge number of those impacted at much greater risk of frauds like Identity theft further down the line. 

The news comes after a security researcher revealed the data of over 533 million Facebook users from 106 countries had been leaked, of which around 32 million were from the US and 11 million were from the UK, which included phone numbers, birth dates, email addresses, and locations.

What laws did Meta actually violate?

The regulator, which has authority over Meta due to the company having its European headquarters in the country,  said in a statement (opens in new tab) that Meta violated the GDPR obligation for "Data Protection by Design and Default".

In addition to the huge fine, the regulator's decision will force Meta to "bring its processing into compliance by taking a range of specified remedial actions within a particular timeframe". The option still remains for Meta appeal the fine in an Irish court. 

Commenting on the news, a spokesperson for Meta said the company had made changes to its “systems during the time in question, including removing the ability to scrape our features in this way using phone numbers“. 

They added: "Unauthorized data scraping is unacceptable and against our rules and we will continue working with our peers on this industry challenge.

Meta is no stranger to huge fines from EU regulators. WhatsApp was hit with a €225 million fine for transparency breaches in September 2021.

In September 2022, Instagram was hit with an even fatter fine of €405 million related to how the social media platform handled data belonging to children. 

In March 2022, Meta was fined €17 million by the Irish Data Protection Commission (DPC) over a string of historical data breaches dating back to 2018.

Will McCurdy has been writing about technology for over five years. He has a wide range of specialities including cybersecurity, fintech, cryptocurrencies, blockchain, cloud computing, payments, artificial intelligence, retail technology, and venture capital investment. He has previously written for AltFi, FStech, Retail Systems, and National Technology News and is an experienced podcast and webinar host, as well as an avid long-form feature writer.