The breach of data security at Meta resulted in a fine. Since last year, Ireland’s privacy regulator has told the company that it has to pay almost $1 billion.
Meta was fined $275 million by Ireland’s Data Protection Commission (DPC) on Monday for a data leak that put the personal information of more than 500 million Facebook users at risk. Since last October, the Irish privacy watchdog has fined Meta more than $945 million for breaking EU privacy laws.
In a statement, the DPC said that between May 2018 and September 2019, a number of Meta’s search tools for Facebook and Instagram that were given to third-party developers were used to get personal information about users, such as their email addresses, locations, and phone numbers.
According to an article published by Insider last April, the data of 553 million users in 106 countries ended up on a “hacking forum.” The DPC started looking into it soon after the report came out.
Two months ago, the DPC fined Meta about $420 million for mishandling the data of Instagram users under the age of 18, and eight months ago, it fined the tech giant $17 million for past data breaches. Last October, the DPC also gave the company a fine of about $233 million for breaking the law with its WhatsApp messaging service.
Since last October, the DPC has fined Meta a total of about $945 million, which is less than 1% of the company’s 2021 revenue. The watchdog is looking into Meta’s activities in 13 more ways right now.
Most of the world’s biggest tech companies, like Google, Apple, Facebook, and Twitter, have their EU headquarters in Ireland. This is mostly because the country has a low corporate tax rate. So, it is up to the DPC to make sure that these companies follow the General Data Protection Regulation (GDPR), which is a broad privacy law that was passed by the EU in 2018.
People have said that the DPC moves too slowly. In a report from last year, the Irish Council for Civil Liberties found that, at the time the report was made public, the DPC had not yet taken action in 98% of GDPR cases that involved Ireland. “EU enforcement of GDPR against Big Tech is stuck because Ireland hasn’t sent draught decisions on major cross-border cases,” the account said.