The Irish Data Protection Commission (DPC) has imposed a €265 million fine on Meta Platforms, Facebook’s parent company, following shortcomings detected in the protection of users’ personal data, in addition to asking the multinational to implement a series of corrective measures. In April 2021, the Irish regulator decided to open an investigation into the data collection and protection processes of Meta Platforms Ireland Limited (MPIL), after a leak to the internet of personal data of 533 million users, including phone numbers and email addresses, was discovered.
The user data was allegedly obtained not through hacking or a leak, but through “scraping”, which involves the automated collection of data from a website or application. The scope of the investigation conducted concerned the examination and evaluation of the Facebook Search, Facebook Messenger Contact Importer, and Instagram Contact Importer tools, in connection with the processing by MPIL during the period from May 25, 2018 to September 2019.
On its side, the company has underlined in a statement its cooperation with the Irish authorities, including the removal of the ability to obtain user data through scraping. “We are reviewing this decision carefully,” it has indicated. “Protecting the privacy and security of people’s data is fundamental to the operation of our business. That’s why we have cooperated fully with the Irish Data Protection Commission on this important issue,” the company explained. “We made changes to our systems during the period in question, including removing the ability to scrape our functions in this way,” it has added, recalling that unauthorized data scraping “is unacceptable” and against company rules.
The penalty comes at a difficult time for Meta, which is facing a stock worth less than one-third of its value at this point last year.