Il Privacy Guarantor in Ireland has commissioned a Meta a fine of 265 million euros for not preventing the data scraping: the accusation is that he failed to prevent telephone numbers and other user data from being taken en masse online. This is not the first sanction received by Meta: over the last 18 months the Irish Data Protection Commission (DPC) has requested nearly a billion dollars.
UPDATE: We’ve added Meta’s statement regarding the DPC’s decision.
Meta, fine for data scraping in Europe: 265 million euros
Only last September, the Irish Ombudsman had fined Meta for 405 million euros, for the management of minors’ data on Instagram. Mark Zuckerberg’s company had appealed: but in less than a quarter, one arrives new finethis time for 265 million euros.
The Guarantor intends to hold Meta liable for the online leak of over 533 million Facebook users, reported last April. The data “scraped” from the platform and put online concern telephone numbers, dates of birth, email addresses and places visited. All easily available information on some profiles, but which collected en masse can become a tool for hackers who want to implement phishing e truffe online.
In the note, the Irish Guarantor specifies that among the information published there were personal data of sitting judges, prison guards, social workers, journalists and more.
Liability issue
By disclosing the attack at the time, Meta had blamed the hackers who had data scraped and sold the information online. But according to the Irish Guarantor, Meta would not have complied with one of the points of the GDPR, that of the “data protection by design and by default“.
In the note with which it communicates the action, the Irish Privacy Guarantor specifies that Meta has not complied with the law‘Article 25 of the GDPR which underlines this concept.
Meta confirmed to The Wall Street Journal that it fixed the problem that allowed data scraping as early as 2019 (the data was published online last April, but the theft happened earlier). But for now he does not go out of his way to give an opinion of the sentence: he wants to take the proper time to evaluate it.
However, a spokesperson for the company specifies that: “unauthorized data scraping is unacceptable and against our rules”. Emphasizing that the fault lies with the hackersalthough it will discuss with the Guarantor on its own responsibility.
A Meta spokesperson explains: “Protecting people’s privacy and data security is central to our business. For this reason we have actively collaborated with the Irish Data Protection Commission (DPC) on this important issue. During the referenced period, we made changes to our systems, including removing the ability to scrape our features using phone numbers. Unauthorized scraping of data is unacceptable and against our rules; we will continue to work with our partners to address this industry challenge. We are carefully reviewing this decision.”
Another blow for Meta
Recently the Privacy Guarantor of Ireland, where Meta has its registered office in the European Union, has commissioned more than one sanction and many calls to the group led by Mark Zuckerberg. In addition to the fines already mentioned for Facebook and Instagram, last September has WhatsApp fined 225 million euros for not having disclosed to the European Union how you share your data with Facebook. And this March Facebook has had to pay 17 million euros for a dozen different data breaches.
Europe is doing complying with its GDPR by the millionswith Facebook, Instagram and WhatsApp forced to pay almost one billion euros in the last year and a half.