The Irish Data Protection Commission (DPC) fines imposed €265 million ($277 million) in damages against Meta Platforms for failing to protect the personal data of more than 500 million users of its Facebook service and for stepping up privacy enforcement on U.S. technology companies money was imposed.
The fine follows an investigation launched by European regulators on April 14, 2021, following the disclosure of “a collated dataset of Facebook personal data that was made available on the internet.” was broken.
It contains personal information related to the 533 million users of our social media platforms, including phone number, date of birth, location, email address, gender, marital status, account creation date and other It contained profile details.
Meta has acknowledged that this information is “old data” obtained by malicious actors utilizing a technique called “phone number enumeration”. Scraping a user’s public profileThis involved the misuse of a tool called “.contact importer” to upload a huge list of phone numbers and find a match.
Since then, Facebook has removed the ability to retrieve information using phone numbers via scraping as of August 2019.
In addition to imposing fines, Irish regulators have also ordered Meta’s Irish division to ensure that its processing complies with EU data protection law.
To combat such fraudulent data collection, the social media giant expanded its bug bounty program late last year, rewarding valid reports scraped for vulnerabilities across its platform, as well as making available online. Include report scraped dataset.
The rollout is also the fourth time Ireland has fined Meta and its subsidiaries (which also includes Instagram and WhatsApp).
In September 2021, the WhatsApp messaging service was fined €225 million for failing to be transparent about how users’ personal information is collected and used.
Then, at the beginning of March this year, the DPC issued a €17 million fine for a number of security issues that led to 12 different data breach notifications between 7 June and 4 December 2018. and made public the information of up to 30 million Facebook users. .
So did Meta’s Instagram. €405 million fine in September 2022 for breach of the EU General Data Protection Regulation (GDPR) Mishandling children’s data online by disclosing the phone number and email address that operates the business account.