Meta Platforms Inc. (META stock), the company that owns Facebook, was fined 265 million euros, which is equivalent to about $276 million, by a leading European regulator for failing to adequately protect the phone numbers and other information of more than half a billion users from the activities of so-called data scrapers.
The Penalty and Effect on the META Stock
The monetary penalty that was levied against Meta (NASDAQ:META) on Monday by the Data Protection Commission of Ireland, which serves as the company’s primary privacy regulator within the European Union, is the most recent sign that authorities in the region are becoming more assertive in their application of the privacy law of the bloc too large technology companies.
A little more than a year ago, Meta-owned WhatsApp was fined €225 million (roughly $267 million) for transparency violations. Instagram, owned by Meta, was fined €405 million earlier this fall for violating children’s privacy rights. The company was also hit with an $18.6 million fine in March for a series of earlier Facebook data breaches.
Shares in Meta, which owns Facebook and Instagram, have plunged more than 20% after a downbeat set of results from the tech giant.
The judgment made on Monday represents the third time in the previous 15 months that Ireland has fined Meta and its subsidiaries in connection with a privacy lawsuit. These companies include WhatsApp and Instagram. The total amount of the combined financial penalties is more significant than $900 million. The other cases involve how Instagram handles data about children and the transparency with which WhatsApp deals with user information. Meta intends to file an appeal over those decisions.
According to a spokeswoman for Meta, the business plans to examine the decision made on Monday, but it has yet to determine whether or not it will file an appeal. He stated that “unauthorized data scraping” was unacceptable and was against our policies.
The penalty handed down on Monday is a direct result of revelations made in the spring of 2021 concerning a hacker who had released the personal phone numbers and other profile information of over 530 million Facebook members. In response, Meta stated that the information resulted from widespread “scraping” of public profiles, which the company claimed to have detected in 2019 and put a stop to.
The company, still known as Facebook, explained that the data had been obtained by what it described as “malicious actors.” According to the company, these actors had abused a Facebook feature known as “Contact Importer” to upload many phone numbers and determine which ones were associated with users of the service. On Monday, the company reaffirmed that it had abolished 2019 the ability to scrape its services in this manner by using phone numbers, and it made this announcement.
Because Meta’s regional headquarters are located in Dublin, the Data Protection Commission of Ireland, which is in charge of the enforcement of the EU’s privacy law for the company, took action on Monday and stated that the company had not taken adequate technical and organizational steps to prevent a leak of such information. In addition to the monetary penalty, the regulatory body ordered Meta to make modifications to its operations in order to reduce the likelihood of another similar leak occurring. For instance, the regulator suggested that the default settings should be modified so that a user’s personal information is not at risk of being potentially shared with an unlimited number of other individuals.
Meta claims it has since implemented several new safeguards to protect its users’ information better.
The European Union is taking steps to make regulations more stringent for significant tech corporations. Two new regulations, one aimed at curbing potentially anticompetitive activity and another that compels them to show they have adequate content-moderation systems, have been passed by the bloc, and they have begun to apply these laws to large technology businesses.
Tech companies are currently in discussions with the European Commission, which is the executive arm of the European Union (EU), to determine which provisions of each new law will apply to the specific services that they operate, according to statements made by both the companies and officials working for the EU. The middle of the following year is when specific provisions of the new legislation are scheduled to begin being enforced.
Even though the General Data Protection Regulation, also known as GDPR, has been in effect for almost five years, a succession of decisions that have either hefty fines or significant ramifications for business is now being made. This is the first time that this has happened.
The Irish privacy regulator has stated that it is investigating several dozen additional complaints involving a variety of large technology corporations. There is one that investigates whether Meta can require users to accept advertisements that target them based on their behavior as a condition for using the service. Another investigates whether some of the standard plumbing used in digital-ad auctions complies with EU law. Both of these investigations are being carried out by the European Union.
Featured Image – Pexels © Nothing Ahead