By Dave McKay | December 1, 2022
Meta Fined by GDPR Watchdog - Again
Facebook’s owner has been fined €265 million by the Irish Data Protection Commission after a breach resulted in the details of more than 500 million users being published online.
The Data Protection Commission (DPC) said Meta had infringed two articles of the EU’s data protection laws after details of Facebook users from around the world were “scraped” from public profiles in 2018 and 2019.
“Data scraping” is the name given to the programmatic extraction of personal data stored on the web. The collected databases are than used for cybercrimes such as phishing campaigns, identity theft, and fraud. Meta’s lax security allowed hackers to perform data scraping on an industrial level.
Specifically, the DPC’s inquiry focused on several software tools, namely Facebook Search, Facebook Messenger Contact Importer and Instagram Contact Importer, with respect to data processing carried by Meta between May 2018 and September 2019.
The scraped data appeared on a hacking website in 2021, prompting the DPC’s investigation. The data watchdog said a “significant” number of the users were from the EU.
Along with the fine, the DPC “imposed a reprimand and an order” forcing Meta to “bring its processing into compliance by taking a range of specified remedial actions within a particular timeframe”.
In response, Meta said:
“We made changes to our systems during the time in question, including removing the ability to scrape our features in this way using phone numbers. Unauthorized data scraping is unacceptable and against our rules.”
It is felt that the fine—which brings Meta’s total in GDPR fines to over €1 billion—will spark more debate about whether fines, even fines of this magnitude, are significant deterrents. perhaps for an organization of Meta’s size and wealth, it is an acceptable running cost.
Perhaps they view it as the license fee for being just as blasé as they like with the safeguarding of the personal data of its enormous user base.
A user base that, strangely, seems uncaring about the abuses of its personal data.
Source: The Guardian