Goalthe parent company of Facebook, will have to pay a fine in Ireland of 265 million euros for not complying with European data protection law, the GDPR. The sanction has been confirmed by the Irish Data Protection Commission (DPC), which is the entity in charge of monitoring compliance with European Union regulations on data protection in the country.
The sanction has been imposed for the violation of articles 25(1) and 25(2), focused on data protection by design and default, repeatedly. But the fine is not the only measure that this agency has taken against Meta. In addition to reprimanding the company, the entity is also going to force it to make several changes to correct the points that make it not comply with the regulations in a maximum period of time.
This sanction is related to a investigation opened by the DPC on April 14, 2021after the appearance of various news that the personal data of more than 530 million Facebook users, including their email addresses and mobile phone number, had been exposed on the Internet.
When the news broke, Facebook tried to minimize the extent of the security breach that had led to this data leak. The company pointed out that the data had been around the Internet for some time and that it was old data. It also noted that it had corrected the problem that led to the exposure of said data.
In addition, he assured that they believed that those who had obtained the data from Facebook profiles were malicious third parties who had used a contact import function that he offered until September 2019, before he modified it to prevent abuse by blocking the ability to upload listings. of free phone numbers to discover matching Facebook ones.
The Irish Data Protection Commission has confirmed that it reviewed various contact search and import tools offered by the company on its platforms between the date the GDPR came into force and the date of changes to the contact import tool. that Facebook developed in fall 2019. Thus «the investigation included the examination and assessment of Facebook Search, Facebook Messenger Contact Importer and Instagram Contact Importer in relation to the process that Meta Platforms Ireland Limites carried out with them during the period between May 25, 2018 and September 2019«.
The regulatory entity has also stated that “there was a thorough investigative process, including cooperation with the other data protection supervisory authorities of the European Union. These supervisory authorities agreed with the decision of the DPC«. With this, they have focused on the absence of disagreement about their decision.
As to Meta, your management has not yet decided whether to appeal or not the decision. For now they are thoroughly reviewing it. Of course, they have remembered that they have taken several measures to avoid the extraction of data from the security breach that caused the data leak. These include enforcing limits and deploying various tools to combat suspicious automated activity, as well as offering users various controls to limit the public visibility of their information.