Meta, the parent company of social media giant Facebook, has been fined €265 by the Data Protection Commission (DPC) over data breaches in convention of Europe’s General Data Protection Regulations (GDPR).
In April of this year, the DPC launched an inquiry after media reports alleged that the personal information of millions of Facebook users, including names, email addresses, and phone numbers, had appeared in an online hacking forum.
Personal Data “Scraped”
At the time, Facebook claimed that the information had been “scraped”, as opposed to hacked, by devious actors who had exploited vulnerabilities in the platform’s tools prior to September 2019. Facebook said it had patched these vulnerabilities once they discovered, and that any further data had been prevented from being obtained.
The ensuing investigation by the DPC involved a thorough examination and assessment of various Facebook features, including Facebook Search, Facebook Messenger Contact Importer and Instagram Contact Importer tools in relation to processing carried out by Meta between May 2018 and September 2019.
Breach of Article 25
As a result of the investigation, Meta was found to be in breach of Article 25 of the GDPR rules, which states in essence that personal data protection should be a core consideration of any business that processes such data.
“The risks are considerable for individuals in terms of scamming, spamming, smishing, phishing and loss of control over their personal data so we imposed a fine of €265m in total,” said Helen Dixon, the Data Protection Commissioner.
Ms. Dixon further stated that when companies such as Meta design products and services that involve large amounts of personal data being transacted, then the relevant safeguards must be put in place to adequately protect such data.
In addition to the fine, an order was issued that Meta must bring its data processing into compliance with specified remedial actions and within a particular timeframe.
*In contentious business, a solicitor may not calculate fees or other charges as a percentage or proportion of any award or settlement.*