Ireland slams $263m fine on Meta in the latest hit to hold social media firms to account
By Jeph Ajobaju, Chief Copy Editor
A regulator in Ireland helping police European Union (EU) data privacy disclosed on Tuesday it has imposed a fine of 251 million euros ($263 million) on Meta, which owns Facebook, for a data protection failure six years ago that saw users’ accounts hacked on the social media platform which has more than one billion users.
The Data Protection Commission (DPC) criticised Meta for a security flaw in its video upload function which hackers were able to exploit to gain full access to other users’ Facebook profiles.
AFP reports EU officials as documenting that over a two-week period in 2018, unauthorised users were able to hack into around 29 million Facebook accounts globally, including three million based in the EU.
The personal data involved included email addresses, phone numbers, locations and places of work.
“The failure to build in data protection requirements throughout the design and development cycle can expose individuals to very serious risks and harms, including a risk to the fundamental rights and freedoms of individuals,” said Graham Doyle, the regulator’s head of communications.
“By allowing unauthorised exposure of profile information, the vulnerabilities behind this breach caused a grave risk of misuse of these types of data.”
Meta Ireland and its US parent company remedied the breach shortly after its discovery, the DPC said, and reported the issue to the regulator in September 2018.
“We took immediate action to fix the problem as soon as it was identified, and we proactively informed people impacted as well as the Irish Data Protection Commission,” a Meta spokesperson said.
Crackdown on big tech
This is the latest fine in a series issued to the American social media giant and its rivals, as global regulators seek to rein in big tech firms over privacy, competition, disinformation and taxation.
The EU has been at the forefront of this regulation, with its strict General Data Protection Regulation launched in 2018 to protect European consumers from personal data breaches.
Many global tech companies including Google, Apple and Meta, base their European operations in Dublin, attracted by Ireland’s corporate tax rate.
As a result, Ireland’s data protection agency is the lead regulator responsible for holding them to account.
The series of fines by the DPC against Meta over data breaches by its Instagram, WhatsApp and Facebook services have been dwarfed by the tech giant’s multi-billion-dollar earnings.
In September, the DPC hit Meta with a 91-million-euro fine for failing to put measures in place to protect users’ password data and for taking too long to alert the regulator about the issue.
It came after the European Commission scored two major legal victories in separate cases that left Apple and Google owing billions of euros.
The regulator also recently hit Microsoft-owned LinkedIn with its first EU fine, a 310-million-euro penalty for personal data breaches over targeted advertising.
Read also:
Debt financing costs $74b across Africa as Nigeria eyes new $1.65b loan