Ireland’s Data Protection Commission imposed a fine of €265 million ($277 million) on Meta for failing to safeguard the personal data of more than 500 million users of its Facebook service.
The fine comes after the European Commission launched an inquiry on April 14th, following a leak of a “collated dataset of Facebook personal data that had been made available on the internet.”
Personal information from 533 million users was leaked, including phone numbers, dates of birth, location, email addresses, gender, marital status, and more.
According to Meta, the “old data” was obtained by malicious actors by taking advantage of a technique called “phone number enumeration” to scrape users’ public profiles. This entailed misusing a tool called “Contact Importer” to upload a huge list of phone numbers to uncover matches.
Facebook has not allowed phone numbers to be used to discover people’s personal profiles since August 2019. The Data Protection Commissioner has ordered Meta to bring its processing into compliance with European data protection laws. It has also imposed a monetary penalty to discourage this practice.
It’s important to protect against unauthorized data collection like scraping, so last year, social media giant Facebook expanded its bug bounty program to incentivize reports of scraping vulnerabilities and datasets that can be accessed online.
This is the fourth time Ireland has levied fines on Meta and its subsidiaries, which include Instagram and WhatsApp.
Earlier, in September 2021, the WhatsApp messaging platform was slapped with a fine of €225 million for not being transparent about how users’ personal information is gathered and used, and how it’s shared with Meta.
Meta was also fined €405 million in September 2022, for breaching the E.U. General Data Protection Regulation (GDPR) over mishandling children’s data online. The company was at fault for making public the phone numbers and email addresses of those operating business accounts.