fb-pixel Skip to main content

Meta fined $275m for breaking EU data privacy law

A car passed the Meta logo on a sign at the company headquarters in Menlo Park, Calif.Tony Avelar/Associated Press

LONDON — In the latest penalty against Meta for violating European privacy rules, the tech giant was fined roughly $275 million Monday for a data leak discovered last year that led to the personal information of more than 500 million Facebook users being published online.

The penalty, imposed by Ireland’s Data Protection Commission, brings the total fines the regulator has imposed on Meta since last year to more than $900 million. In September, the same regulator fined the company roughly $400 million for its mistreatment of children’s data. In October 2021, Irish authorities fined Meta, which was previously called Facebook, 225 million euros, or about $235 million, for violations related to its messaging service WhatsApp.

Advertisement



The accumulating penalties will be a welcome sign to privacy groups that want to see European Union regulators more aggressively enforce the General Data Protection Regulation, or GDPR. The law was hailed as a landmark moment in the regulation of technology companies when it took effect in 2018, but regulators have since faced criticism for not applying the rules strongly enough.

Ireland has been under pressure because of the key role it plays in enforcing EU data protection rules. The country is tasked with policing tech companies’ compliance with the 2018 law as a result of companies such as Meta, Google, and Twitter all locating their EU headquarters in Ireland. TikTok, which also set up an EU hub in Ireland, is the subject of another investigation there.

The fine issued Monday stems from an investigation started last year by Irish regulators into reports that Facebook had not safeguarded its platform against being “scraped” for information, leading to the publication on an online hacker forum of data that included users’ names, locations, and birth dates, in violation of rules that require companies to safeguard personal information.

Advertisement



Meta said in a statement that “unauthorized data scraping is unacceptable and against our rules.” The company said it had changed its policies to prevent such practices. Meta did not say whether it would appeal the decision, as it is for the Instagram and WhatsApp penalties.

Meta is not the only tech giant facing scrutiny. Last year, Amazon was fined nearly 750 million euros over its online advertising practices by regulators in Luxembourg, where it has its European headquarters. In January, Google was fined 150 million euros by French regulators because users were not given an adequate way to decline so-called cookie trackers used by online advertisers to trace a person’s Internet browsing history.