Data Protection Commission fines Meta €265 million due to personal data breach

Data Protection Commission fines Meta €265 million due to personal data breach

IRELAND'S DATA Protect Commission (DPC) regulator has imposed a €265 million fine on social media giant Facebook, bringing the total it has fined parent group Meta to almost €1 billion.

The fine comes following an investigation which began in April 2021 which related to the discovery of a collated dataset of Facebook personal data that had been made available online.

Facebook said at the time that the information, some of which had already appeared online a number of years ago, was "scraped", but not hacked, by malicious actors through a vulnerability in its tools prior to September 2019.

The scope of the inquiry concerned an examination and assessment of Facebook Search, Facebook Messenger Contact Importer and Instagram Contact Importer tools in relation to processing carried out by Meta Platforms Ireland Limited (‘MPIL’) during the period between 25 May 2018 and September 2019.

The social network said it patched the vulnerability in 2019, preventing any further data from being harvested.

Facebook was also ordered to make a range of corrective measures.

This is the fourth fine the Data Protection Commissioner (DPC) has levied against one of Meta's companies.

The DPC is also Meta's lead privacy regulator within the European Union, with 13 more inquiries into the social media group outstanding.

In September the watchdog hit its Instagram subsidiary with a record fine of €405 million, which Meta plans to appeal.

The DPC regulates Apple, Google, Tiktok and other technology giants due to the location of their EU headquarters in Ireland. It currently has 40 inquiries open into other firms.

It said in a statement that other relevant EU regulators agreed with the decision issued on Monday after it shared a draft ruling with them last month under the bloc's "one-stop shop" system of regulating large multinationals.