Meta Hit With $275M Fine Over Scraped Facebook Data

Europe's GDPR strikes again after personal Facebook data, including phone numbers, was found on the internet in 2021.

Katie Collins Senior European Correspondent
Katie a UK-based news reporter and features writer. Officially, she is CNET's European correspondent, covering tech policy and Big Tech in the EU and UK. Unofficially, she serves as CNET's Taylor Swift correspondent. You can also find her writing about tech for good, ethics and human rights, the climate crisis, robots, travel and digital culture. She was once described a "living synth" by London's Evening Standard for having a microchip injected into her hand.
Katie Collins
2 min read

Facebook is once again in hot water over its handling of user data. 

James Martin/CNET

Meta has been caught failing to abide by Europe's privacy rules, resulting in the Irish Data Protection Commission slapping the social media giant with a hefty fine. 

Facebook's parent company must pay a 265 million euro ($275 million) penalty and take a number of corrective measures, the Irish DPC said in an announcement on Monday as it concluded a year-and-a-half-long investigation. 

The watchdog launched an inquiry into Meta after it discovered a collated dataset of people's personal Facebook data had been made available on the internet. After closely scrutinizing Facebook Search, Facebook Messenger Contact Importer and Instagram Contact Importer tools, it found that Meta was not living up to its legal obligation to ensure that it was protecting data by design and default.

It falls to Ireland's privacy watchdog to ensure Meta is following Europe's General Data Protection Regulation (GDPR), which went into effect in 2018, because like many other Silicon Valley tech giants, Meta has chosen to base its European headquarters in that country. The GDPR gives European internet users some of the strongest privacy protections in the world. If there are security breaches, or if that data is held longer than necessary, companies can get in big trouble.

It's not the company's first such brush with the law. Back in September 2021, the DPC fined Meta because its messaging service WhatsApp had failed to properly explain to users how it was using their data. There are several other areas of Meta's historical privacy practices the DPC is also currently probing. But for now, the company has this week's big fine to contend with.

"Protecting the privacy and security of people's data is fundamental to how our business works," said a spokesman for Meta in a statement. He added that the company had complied with the DPC's investigation and had made changes to the platform in the interim period to prevent scraping of data, including telephone numbers.

"Unauthorized data scraping is unacceptable," he said, adding that Meta was carefully reviewing the DPC's decision.