Toni Dimaano Tech 11.29.2022 02:Nov AM EST

Meta Gets Fined Nearly $300 Million For Facebook Data Scraping Fiasco

Irish regulators imposed a $277 million fine on Facebook's parent company Meta for a privacy violation affecting as many as 500 million users in 2019.

The fine is in accordance with allegations that the social media was involved in a third-party data scraping breach that previously occurred on the platform.

The Penalty Imposed On Meta Comes With Corrective Measures

Tech Crunch reports that the Irish Data Protection Commission confirmed the decision, as they record infringements of Articles 25(1) and 25(2) of the General Data Protection Regulation.

These articles are focused on the data protection of users, which forced the regulator to reprimand Meta, and impose a range of corrective measures.

This most recent penalty relates to the April 2021 data breach where hackers allegedly published scraped personal user data on an online forum.

This data reportedly consisted of phone numbers, Facebook IDs, and birthdays, but Meta attempted to cover up the breach at the time.

In fact, Gizmodo says that at the height of the breach, the tech giant claimed that they had been made aware of the issue and that the information gathered were mostly old.

The company then said that it believed that the data had been scraped by malicious actors through an importer feature it released until September 2019.

This did not sit well with the GDPR, and it says that Meta did not comply with its obligation to provide privacy by default and design.

Because of this, aside from the fine, the regulators also subjected Meta to corrective measures intended to bring the company to comply with special remedial actions.

While it is unclear what remedial actions Meta is supposed to take, the penalties imposed on the company conclude the 18-month investigation of their data security practices.

This Is Not The First Time Meta Was Penalized By The GDPR

Ireland plays a crucial role in the enforcement of GDPR efforts in the European Union since it is where several tech headquarters are located.

This is why the Irish DPC was in-charge of this probe, and why it also has a number of inquiries in other aspects of Meta's business on a legal basis.

According to Gizmodo, Meta has sent them an email where a spokesperson did not refute the charges towards the company, even saying that they fully cooperated with the DPC.

"Unauthorized data scraping is unacceptable and against our rules and we will continue working with our peers on this industry challenge," the spokesperson claims.

They even detail that the company made changes to its systems during the time when data scraping was rampant, and removed the ability to scrape features using phone numbers.

The new fines slapped on Facebook's parent company come only two months after Meta settled a separate $403 million fine for failing to protect children's privacy on Instagram.

Additionally, Meta was also fined around $267 million for transparency and privacy breaches reported against WhatsApp, Tech Crunch notes.