In the latest penalty against Meta for violating European privacy rules, the social networking giant was fined €251 million (about $264 million) on Tuesday for a data leak discovered in September 2018, which led to the personal information of approximately 29 million Facebook users being published online, with many accounts subsequently hacked.
The penalty was imposed by the Irish Data Protection Commission (DPC) after two inquiries into Meta Platforms Ireland Limited (MPIL) were completed. The DPC stated that the categories of personal data affected included users’ full names, email addresses, phone numbers, locations, places of work, dates of birth, religions, genders, posts on timelines, groups of which users were members, and children’s personal data. Nearly 3 million of the affected Facebook users were based in countries within the European Union and the European Economic Area (EEA).
“The breach arose from the exploitation by unauthorised third parties of user tokens on the Facebook platform,” the DPC said in a statement. “The breach was remedied by MPIL and its US parent company shortly after its discovery.”
The DPC determined that Meta had violated several EU General Data Protection Regulation (GDPR) rules by failing to document facts about the breaches and the steps taken to address them. It also found that Meta had not ensured that, by default, personal data necessary for specific purposes were processed securely to prevent unauthorised access by third parties. These failures resulted in a €110 million fine.
The DPC further reprimanded MPIL for not including in its breach notification all the required information that it could and should have included. For this, an additional administrative fine of €8 million was imposed.
Meta was also fined €133 million for failing to uphold data protection principles in the design of its processing systems. This failure hindered the Supervisory Authority’s ability to verify compliance. Together, these penalties brought the total fine to €251 million.
In September 2024, the DPC submitted a draft decision to the GDPR cooperation mechanism, as required under Article 60 of the GDPR. No objections to the draft decision were raised. The full decision and related information will be shared in due course.