European Union Fines Facebook $276 Million for Not Securing User Data

November 28, 2022

The European Union's main privacy regulator for Facebook slapped the company with a 265 million euro fine—equivalent to $276 million—for lacking safeguards against "data scrapers."

Ireland's Data Protection Commission, which enforces EU law, on Monday penalized Meta, Facebook's parent company, for not taking "sufficient technical and organizational steps to prevent" the mass collection and publication of more than half a billion users' phone numbers and other profile information, the Wall Street Journal reports:

Monday's fine stems from disclosures in the spring of 2021 that a hacker had published personal phone numbers and other profile information of more than 530 million Facebook users. In response, Meta said the information stemmed from mass "scraping" of public profiles that it said it had discovered and halted in 2019.

The company, at the time known as Facebook, said the data had been gathered by what it said were malicious actors who misused a Facebook tool called "Contact Importer" to upload a large volume of phone numbers to see which ones matched the service's users. On Monday, the company reiterated that it had removed the ability to use phone numbers to scrape its services in this way in 2019. ... 

In addition to the fine, the regulator ordered Meta to change its systems to make such a leak less likely.

This is the third fine that the Irish regulator has imposed on the tech giant and its subsidiaries in the last 15 months, costing Meta a total of $900 million. Meta-owned Instagram and WhatsApp in September each faced hundreds of millions of dollars in fines for allegedly mishandling children's data and failing to fully disclose how it handles user data, respectively. Meta is appealing both penalties. A spokesman told the Journal that the company has yet to decide if it will appeal the third fine.