Meta Fined $275M for Failing to Protect the Data of 533M Facebook Users
Meta has earned ~$785 million in privacy-related penalties so far in 2022.
On Monday, the Irish Data Protection Commission (DPC) hit Facebook-parent Meta with another multi-million dollar fine for failing to protect user data last year. DPC penalized Meta €265 million (~$275 million) for an April 2021 incident that leaked data of 533 million Facebook users.
The Irish DPC’s investigation into the security incident revealed that Meta infringed Articles 25(1) and 25(2) of the General Data Protection Regulation (GDPR) between 25 May 2018 and September 2019.
In April 2021, the data of 533,313,128 Facebook users from 106 countries surfaced on an online hacking forum. Threat actors reportedly exploited a vulnerability to collate most of the data, with the remaining being scraped from the social networking site.
Leaked data records included users’ full names, Facebook IDs, bios, phone numbers, locations, gender, relationship status, occupation, dates of birth, and email addresses. However, this varied between different users, with only the names, mobile numbers, and gender being the common denominator between all 533 million affected users.
Chris McLellan, director of operations at Data Collaboration Alliance, told Spiceworks, “The way apps manage data is the real problem in establishing the level of control necessary for enforcing outcomes like those outlined in GDPR and California’s CCPA. Sensitive and other information is fragmented into databases, which then get copied at scale through a process known as data integration.”
“This is at complete odds with the global movement towards increased data privacy and data protection,” he added, highlighting that regulatory fines can only scrape the surface of the problem.
“The endless parade of fines and regulatory show trials – or any attempt to mitigate the underlying chaos that defines the current state of personal information – are doomed to fail.”
See More: Meta Faces Second Class-Action Lawsuit for Violating User Privacy on iOS
The latest by the Irish DPC is the fourth privacy-related fine imposed on Meta by global regulators. The Facebook, Instagram, and WhatsApp owner has been slapped with the following penalties in 2022:
- €60 million (~$67.87 million) by France’s Commission Nationale de l’informatique et des Libertés (CNIL) in January 2022
- €17 million (~$18.6 million) by the Irish DPC in March 2022
- ₩30.8 billion (~$22.11 million) by South Korea’s Personal Information Protection Commission (PIPC) in September 2022
- €405 million (~$402 million) by the Irish DPC in October 2022 for Instagram.
“Regulators, too, have been making moves to establish a more fair balance with mandates for data protection rights for access, correction, and deletion. But regulations are just a starting point,” McLellan added.
“Let’s face it – we’ve all become addicted to the conveniences offered by personal and business applications, and that’s unlikely to change any time soon. And the predicted transition to more virtual experiences rather than traditional apps doesn’t change this one bit.”
Meta’s WhatsApp, a mainstay communication tool in several countries, was also penalized $267 million by the Irish DPC. It is unclear how the DPC reached the $277 million amount, but European regulators can fine up to 4% of the violators’ annual revenue.
“Bottom line: If we want to get serious about data protection and data privacy, we need to think seriously about changing the way that we build apps. We need to accelerate the use of new frameworks like Zero-Copy Integration and encourage developers to adopt new technologies like dataware and blockchain – all of which minimize data and reduce copies so that the data can be meaningfully controlled by its rightful owner,” McLellan concluded.
Let us know if you enjoyed reading this news on LinkedIn, Twitter, or Facebook. We would love to hear from you!
Image source: Shutterstock
MORE ON DATA PRIVACY
