A data breach that occurred in 2019 that affected Facebook resulted in a fine of €265 million being issued to Meta, the parent company of both Facebook and Instagram, by Ireland’s Data Protection Commission (DPC). Over 500 million Facebook users were impacted by this security vulnerability. Since the beginning of the fall season in 2021, this constitutes the fourth such fine issued by the DPC.
The General Data Protection Regulation in Europe has been a challenge for Meta throughout the past year (GDPR). Its most recent run-in with the data protection rule was caused by Ireland’s Data Protection Commission, which today levied a fine of €265 million against the social media behemoth for violating the regulation.
An investigation was conducted into Meta’s Irish branch, which is known as Meta Platforms Ireland Limited. The results of the investigation led to the imposition of a fine as well as a number of other corrective actions (MPIL). The investigation into the fundamental reasons behind a large data breach that affected more than 530 million Facebook users got underway in April of 2021.
Exploits in Facebook Messenger Contact Importer and Instagram Contact Importer were utilized throughout 2019 in order to harvest the user information and scrape it. Facebook stated that had patched these vulnerabilities in September of this year. However, the results of the investigation conducted by the DPC revealed that the tools in question did not comply with the need outlined in Article 25 of the Act to secure personal data “by design and by default” when the data scraping was taking place.
On Friday, November 25, the DPC came to the conclusion that the social media company, Meta, had breached Article 25 on two different grounds (paragraph 1 and paragraph 2) and made the decision to punish the business.
Since Autumn 2021, the Irish DPC has issued a sanction against Meta for GDPR violations on four separate occasions, bringing the total to €265 million. Including this decision, the DPC has handed down fines amounting to a cumulative total of 912 million euros against Meta and its subsidiaries over the course of the last 14 months. Other penalties include a punishment of €405 million for Instagram’s improper management of the personal information of children.