- Meta has been fined €265 million ($275 million) by the Irish Data Protection Commission (DPC).
- The social media conglomerate has been accused of violating the EU’s General Data Protection Regulation (GDPR).
- The DPC says it plans to impose a range of corrective measures including steps to bring Meta Ireland to compliance.
Meta Platforms has been fined €265 million ($275 million) by the Irish Data Protection Commission (DPC).
The penalty related to an inquiry launched by the DPC on April 14, 2021, after media reports claimed Facebook, one of Meta’s leading social media platforms had been breached with the personal data (email addresses and mobile phone numbers) from more than 530 million accounts exposed online.
This is not the first time Meta has been hit with a privacy violation penalty by GDPR. Just over a year ago, the company’s leading mobile messaging platform WhatsApp was fined €225M (~$267M) penalty for transparency violations.
In September 2022, Instagram, another major platform under the Meta Platforms umbrella was hit with a €405 million penalty for breaching children’s privacy. In March of this year, Facebook was penalised for historical data breaches with Meta coughing another $18.6 million.
The latest penalty may not be the last either with the DPC holding ongoing inquiries into Meta’s business operations that could see the social media conglomerate fined again.
One of the violations cited in the DPC statement is the fact Meta Platforms Ireland (MPIL) still processes personal data including default searchability, which DPC wants Meta to amend its processes to prevent the immediate “access of personal data to an indefinite number of natural persons.”
“This order is made to ensure compliance with Article 25(2) GDPR,” DPC deputy commissioner, Graham Doyle, told TechCrunch.
“There was a comprehensive inquiry process, including cooperation with all of the other data protection supervisory authorities within the EU. Those supervisory authorities agreed with the decision of the DPC,” added the regulator.
Although Meta representatives failed to confirm or deny whether the company was going to appeal the decision, the technology giant is taking a closer look at the decision carefully according to a statement published by TechCrunch.
“Protecting the privacy and security of people’s data is fundamental to how our business works. That’s why we have cooperated fully with the Irish Data Protection Commission on this important issue. We made changes to our systems during the time in question, including removing the ability to scrape our features in this way using phone numbers. Unauthorised data scraping is unacceptable and against our rules and we will continue working with our peers on this industry challenge. We are reviewing this decision carefully.”
In July Meta launched a new user account system that allows users aged 18 years and above to have public profiles where they can build their communities using the “follow” system. The company chose to keep the accounts of those aged 13-17 private through the “friends” format.
The new system was introduced to usher in the company’s metaverse era. It enables users to have multiple accounts allowing them to only upload certain details of their personal information to specific accounts. For instance, users can have separate gaming IDs from Horizon World’s business/personal IDs.
Whether this new format enables Meta to comply with certain GDPR regulations remains to be seen. The company sees the metaverse as its next step in development, but adoption has thus far been poor according to Horizon Worlds data obtained by Wall Street Journal.
Sign up to the world’s biggest crypto exchange Binance to buy and sell cryptocurrencies.
Stay up to date: