Irish Privacy Watchdog Fines Meta $275 Million for GDPR Breach
Meta violated EU privacy law by enabling automated "data scraping" of personal information, an Irish Data Protection Commission (DPC) investigation found. The inquiry launched in 2021 based on media reports of the discovery of a collated dataset of Facebook personal data on the internet. The DPC examined Facebook search, Facebook Messenger contact importer and Instagram contact importer tools about processing Meta carried out between May 2018 and September 2019. The main issues involved whether the company complied with the EU general data protection regulation's requirement for data protection by design and default, said a Monday news release. The decision, backed by all other EU data protection supervisory authorities, requires Meta to bring its personal data processing into compliance and to pay a $275 million (265 million euro) fine. A Meta spokesperson stressed the DPC didn't say the incident constituted a personal data breach, hack or security failing. Meta is cooperating fully and "made changes to our systems during the time in question, including removing the ability to scrape our features in this way using phone numbers," he said: The company is "reviewing this decision carefully."