The Republic of Ireland’s data protection watchdog, the Data Protection Commission (DPC) has fined Meta Platforms Ireland Limited (MPIL) 265m euros, as data controller of the Facebook social media network.
The DPC began this inquiry on 14 April 2021, after media reports of a collated dataset of Facebook personal data that had been made available on the internet. The scope of the inquiry concerned an examination and assessment of Facebook Search, Facebook Messenger Contact Importer and Instagram Contact Importer tools regarding processing carried out by Meta, between May 2018 and September 2019.
The watchdog ordered Meta to bring its processing into compliance by taking specified remedial actions.
Comments
John Stevenson, Product Director at Cyren said: “Every single one of the 533m Facebook users whose information was published on hacking forums faced potential follow-up phishing scams exploiting their exposed PII [personally identifiable information] in the pursuit of more valuable credentials.
“So, whilst the initial data leak was back in 2021, it’s nonetheless encouraging to see fines being issued retrospectively. Hopefully the consequences here will encourage other enterprises to comply to cyber regulations and follow best practices to avoid a mercenary penalty in future, particularly given cyber insurers increasingly setting a higher bar for due diligence to avoid extortionate pay outs like this one.”
Paul Brucciana, Cyber Security Advisor at WithSecure, said that Meta should not be the scapegoat of those worried about misuse of personal data, quoting 4.1 billion records were leaked in the first six months of 2019 alone. “In a recent poll of 1,000 US companies, nearly half (45pc) claim they have faced a major data breach within the past five years. The situation is unlikely to be less grave anywhere else.”
