EU hits Meta with €265m fine over GDPR breach


The fine relates to a data breach that took place in 2019 and may have affected over half a billion people

This week, the Irish Data Protection Commission (DPC) has issued Meta with another multi-million Euro fine, marking the latest in a series of General Data Protection Regulation (GDPR) woes to befall the US tech giant.

The €265 million fine comes in response to a data breach that Meta announced in April last year, which immediately sparked an investigation from DPC, the regulatory body in charge of overseeing Meta’s EU operations.

The breach itself took place back in 2019, with Meta reporting that the personal information of around 533 million people had been ‘scraped’ and made accessible on the internet.

The DPC investigation found that, during the period from the 25 May 2018 to September 2019, Meta had failed to live up to GDPR standards with regards to its Facebook Search, Facebook Messenger Contact Importer and Instagram Contact Importer tools.

Other EU regulators were consulted before the DPC issued the formal fine. The DPC has also ordered Meta to update various systems so that they comply with GDPR law.

“There was a comprehensive inquiry process, including co-operation with all of the other data protection supervisory authorities within the EU,” said Irish Data Protection Commissioner Helen Dixon. “The decision imposed a reprimand and an order requiring [Meta Platforms Ireland Ltd] to bring its processing into compliance by taking a range of specified remedial actions within a particular time frame. In addition, the decision has imposed administrative fines totalling €265 million on [Meta].”

This is the latest in a series of fines Ireland’s Data Protection Commission has imposed on Meta. Last October, the regulator fined Meta (then Facebook) €225 million over various violations related to its WhatsApp platform not fully informing users how it was using their data. More recently, Irish authorities fined the company €405 million after an investigation had found that teenagers had been allowed to set up business accounts displaying their phone number and email addresses on Meta’s subsidiary Instagram.

EU regulators have been cracking down on Big Tech in recent years, with Google, Apple, and Meta all facing fines in the hundreds of millions of dollars for breaches of GDPR and competition regulations.

How is the increasing role of hyperscale tech companies impacting the US telecoms industry? Join the experts in discussion at the upcoming Connected America conference

Also in the news:
SKT takes its Ifland metaverse platform global
CMA probes Apple and Google over browser “duopoly”
Vodacom launches National Relay Service to boost digital inclusion