Avatar photo

By Cheryl Kahla

Content Strategist

Meta fined R4.7 billion after leaking 533 million Facebook users’ data

This is the third fine issued to Meta within the last 15 months, totaling more than R15.4 billion.

Meta has been fined a staggering €265 million (approximately R4.7 billion) after a violation of privacy rules resulted in a data breach affecting more than 533 million Facebook users.

The breach came to light in April 2021, and included the information shared by users between 25 May 2018 and September 2019.

Meta fined for data breach

The fine was imposed by Ireland‘s Data Protection Commission (DPC) and issued by Helen Dixon on 28 November 2022, after a 19-month investigation.

Dixon is responsible for inquiries into alleged breaches by Big Tech groups of the EU’s general data protection regulation (GDPR).

Millions of Facebook users compromised

The exposed data included personal details from 533 million users in 106 countries – phone numbers, Facebook IDs, full names, addresses, birthdates, bios and email addresses in certain instances.

The DPC said the scope of the inquiry concerned an examination and assessment of Facebook Search, Facebook Messenger Contact Importer and Instagram Contact Importer tools.

It found that Facebook was in infringement of the General Data Protection Regulation (GDPR) obligation for Data Protection by Design and Default.

“The material issues in this inquiry concerned questions of compliance with the GDPR obligation for Data Protection by Design and Default.”

Meta’s deadline to comply

The DPC said it conducted a “comprehensive inquiry process, including cooperation with all of the other data protection supervisory authorities within the EU“.

Meanwhile, DPC deputy commissioner, Graham Doyle, told TechCrunch that Meta has “a deadline of three months from the date of the final decision to comply with that”.

This is the third fine levied against Meta during the past 15 months. Other fines, totalling $910 million (R15.4 billion), include:

  • $400 fine million for mishandling children’s data on Instagram (September 2022)
  • $235 million for violations related to WhatsApp (October 2021)

ALSO READ: Meta introduces new updates to protect teens on Facebook and Instagram

Meta ‘made necessary changes’

A Meta spokesperson told The Wall Street Journal the company “was reviewing the latest fine and hadn’t yet decided whether to appeal”.

A statement was also obtained by Newstalk reporter Jess Kelly, in which an unidentified Meta spokesperson said Meta made the necessary changes to its systems.

This included “removing the ability to scrape our features in this way using phone numbers”. The spokesperson added:

“Unauthorised data scraping is unacceptable and against our rules and we will continue working with our peers on this industry challenge. We are reviewing this decision carefully.”

ALSO READ: South Korea fines Google and Meta for privacy violations

Via: DPC.

Read more on these topics

Europe Ireland Meta (Facebook) Social Media

Access premium news and stories

Access to the top content, vouchers and other member only benefits