Ireland’s
Data
Protection
Commission
(DPC)
has

levied
fines
of
€265
million
($277
million)
against
Meta
Platforms
for
failing
to
safeguard
the
personal
data
of
more
than
half
a
billion
users
of
its
Facebook
service,
ramping
up
privacy
enforcement
against
U.S.
tech
firms.

The
fines
follow
an
inquiry
initiated
by
the
European
regulator
on
April
14,
2021,
close
on
the
heels
of
a
leak
of
a “collated
dataset
of
Facebook
personal
data
that
had
been
made
available
on
the
internet.”

This
included
the

personal
information
associated
with
533
million
users
of
the
social
media
platform,
including
their
phone
numbers,
dates
of
birth,
locations,
email
addresses,
gender,
marital
status,
account
creation
date,
and
other
profile
details.

Meta
acknowledged
that
the
information
was “old
data”
that
was
obtained
by
malicious
actors
by
taking
advantage
of
a
technique
called “phone
number
enumeration”
to

scrape
users’
public
profiles.
This
entailed
misusing
a
tool
called “Contact
Importer”
to
upload
a
huge
list
of
phone
numbers
to
uncover
matches.

Facebook
has
since
removed
the
ability
to
use
phone
numbers
to
retrieve
information
via
scraping
as
of
August
2019.

The
Irish
watchdog,
besides
imposing
a
monetary
penalty,
also
ordered
Meta’s
Irish
unit
to
make
sure
its
processing
complies
with
the
E.U.
data
protection
laws.

To
counter
such
unauthorized
data
harvesting,
the
social
media
giant,
late
last
year,
expanded
its
bug
bounty
program
to
reward
valid
reports
of
scraping
vulnerabilities
across
its
platforms
as
well
as
include
reports
of
scraping
datasets
that
are
available
online.

The
development
also
marks
the
fourth
time
Ireland
has
slapped
fines
on
Meta
and
its
subsidiaries,
which
also
comprises
Instagram
and
WhatsApp.

In
September
2021,
the
WhatsApp
messaging
service
was
fined

€225
million
for
not
being
transparent
about
how
users’
personal
information
is
gathered
and
used,
not
to
mention
how
it’s
shared
with
its
parent,
Meta.

Then
earlier
this
March,
the
DPC
followed
it
by
issuing

fines
of
€17
million
for
a
number
of
security
issues
that
led
to
12
different
data
breach
notifications
between
June
7
and
December
4,
2018,
and
exposed
the
information
of
up
to
30
million
Facebook
users.

Meta’s
Instagam
was
similarly

fined
€405
million
in
September
2022
for
violating
the
E.U.
General
Data
Protection
Regulation
(GDPR)
over
mishandling
children’s
data
online
by
making
public
the
phone
numbers
and
email
addresses
of
those
operating
business
accounts.