Facebook Fined $277 Million for Privacy Violations

Facebook Fined $277 Million for Privacy Violations
The Meta logo, and Facebook's logo, on a smartphone screen. (Kirill Kudryavtsev/AFP via Getty Images)
Naveen Athrappully
11/28/2022
Updated:
11/30/2022

Ireland’s Data Protection Commission (DPC) has slapped Facebook owner Meta Platforms Ireland Limited (MPIL) with a fine of 265 million euros ($277 million) for violating user privacy.

The penalty is related to an investigation that began in April 2021 after it came to light that a collated dataset of Facebook personal data was available online, according to a DPC statement on Nov. 28. Facebook was seen as not having properly safeguarded its platform against being “scraped” for information, due to which user names, birth dates, locations, and other data leaked. The DPC ordered the platform to take corrective actions on the issue.

The agency looked into Facebook’s implementation of technical and organizational concepts per Article 25 of the General Data Protection Regulation (GDPR), the data privacy law in the European Union.

Article 25 requires businesses to ensure that data protection is designed into the development of business processes for both products and services. As such, privacy settings must, by default, be set at a high level.

The agency conducted a comprehensive inquiry process and cooperated with other data-protection supervisory authorities in the EU, who all agreed with the DPC’s conclusion on the matter, according to the DPC.

“The decision, which was adopted on Friday, 25 November 2022, records findings of infringement of Articles 25(1) and 25(2) GDPR. The decision imposed a reprimand and an order requiring MPIL to bring its processing into compliance by taking a range of specified remedial actions within a particular time frame,” the statement reads.

“Protecting the privacy and security of people’s data is fundamental to how our business works,” said a Meta spokesperson in an emailed statement to The Epoch Times. “That’s why we have cooperated fully with the Irish Data Protection Commission on this important issue. We made changes to our systems during the time in question, including removing the ability to scrape our features in this way using phone numbers. Unauthorized data scraping is unacceptable and against our rules and we will continue working with our peers on this industry challenge. We are reviewing this decision carefully.”

Other Fines

Meta has been previously fined by the Irish DPC several times. In October 2021, for example, the agency fined Meta roughly $235 million for violations linked to its WhatsApp messaging service. In September, the DPC fined Meta roughly $400 million for mistreating data related to children on Instagram.

Together with the most recent fines, the Irish DPC has charged Meta with fines totaling more than $900 million. Meta had announced its plans to appeal the agency’s decision on the WhatsApp and Instagram penalties. However, the company hasn’t announced whether it would appeal the latest fine.

Facebook is also embroiled in other privacy scandals. A joint investigative report by The Markup and The Verge on Nov. 22 revealed that Meta’s Pixels, a widely used code on Facebook that tracks the online activity of users, allowed it to secretly receive personal financial information via online tax-filing services.

In May, Facebook sent checks of up to $397 to 1.4 million people in Illinois as part of compensation for a $650 million class-action lawsuit. The plaintiffs in the suit had blamed the platform for using facial recognition data without gaining user consent.