Meta, the tech giant behind Facebook and Instagram, has once again found itself on the wrong side of European regulators. The Irish Data Protection Commission (DPC) has levied a hefty €251 million ($263 million) fine on the company for a significant data breach that occurred in 2017.
As per the DPC:
“The categories of personal data affected included: user’s full name; email address; phone number; location; place of work; date of birth; religion; gender; posts on timelines; groups of which a user was a member; and children’s personal data.”
The DPC found that Meta had failed to uphold key data protection principles, which resulted in a large fine for the company.
“This enforcement action highlights how the failure to build in data protection requirements throughout the design and development cycle can expose individuals to very serious risks and harms, including a risk to the fundamental rights and freedoms of individuals. Facebook profiles can, and often do, contain information about matters such as religious or political beliefs, sexual life or orientation, and similar matters that a user may wish to disclose only in particular circumstances. By allowing unauthorised exposure of profile information, the vulnerabilities behind this breach caused a grave risk of misuse of these types of data.”
The breach, which affected 29 million users globally, including 3 million within the EU and EEA, exposed sensitive personal information such as full names, email addresses, phone numbers, locations, workplaces, dates of birth, religions, genders, posts, group memberships, and even children’s data. The DPC determined that Meta had failed to adequately protect user data, leading to the substantial fine.
This latest penalty adds to a growing list of fines imposed on Meta by European authorities. In recent months, the company has been ordered to pay €797.72 million ($841 million) for antitrust violations related to Facebook Marketplace and €1.3 billion for illegal data transfers to the U.S. Additionally, Meta faces ongoing investigations for potential violations of the Digital Services Act (DSA) and Digital Markets Act (DMA).
While these fines represent a significant financial burden, they are unlikely to have a major impact on Meta’s overall bottom line. The company is projected to generate over $160 billion in revenue this year. However, the repeated regulatory scrutiny and substantial penalties highlight the increasing pressure on tech giants to comply with stringent data protection and antitrust laws.