Meta the company that manages Facebook, Instagram and WhatsApp was penalized EUR265m (PS228m) from the Irish Data Protection Commission (DPC).
The case is based on an incident which saw the personal information from hundreds of million of Facebook users leaked online.
Email addresses and phone numbers of 533 million people were posted in an internet hacking forums.
The DPC began an investigation in April 2021.
Facebook stated in the same time period that data that had been online for a couple of years prior and was “scraped” and not hacked by malicious actors via the vulnerability of its software prior to September 2019.
“Scraping” employs software that is automated to remove public information off the internet, which can be distributed on online forums.
‘Considerable risks’
However the DPC determined the Meta was in violation of Article 25 of the General Data Protection Regulation (GDPR) regulations.
“Because the data set was huge, due to the fact that there were earlier instances of scraping occurring on the platform, in which issues could have been addressed sooner so we decided to issue the most severe sanction,” Data Protection Commissioner Helen Dixon said.
“The risk is significant for the individual in terms scamming, spammingand Phishing, smishing and loss from control on their personal information which is why we imposed a penalty of EUR265m for the entire amount.”
In addition to the penalty, Meta has been issued with a reprimand, as well as an order that requires it to bring its process to compliance through various corrective actions within a specific time frame.
A spokesperson for the company stated: “Protecting the privacy and protection of the data of individuals is a fundamental aspect of how our company operates. This is why we have partnered completely in conjunction with the Irish Data Protection Commission on this critical problem.
“We changed our systems at the time of the incident, which included taking away the possibility of scraping our content in this manner with phone numbers.
“Unauthorised scraping of data is unacceptable and in violation of our regulations, as well. We’ll continue to work with our colleagues on this issue in the industry. We are evaluating this issue with care.”
In the month of September Meta made an application before the High Court against a record fine of EUR405m that was imposed from the DPC.
It was the most significant penalty ever handed out by the Irish watchdog for data and was handed down for breaches related with the handling of child’s data.
