European Regulator Fines Facebook Parent Meta $276 Million for Data-Scraping Breach

A leading European regulator fined Meta Platforms Inc., the company that owns Facebook, 265 million euros, or around $276 million, for failing to better protect the phone numbers and other personal information of more than half a billion users from so-called data scrapers. 

The sentence imposed on Meta on Monday by Ireland's Data Protection Commission, the EU's primary privacy watchdog, is the most recent evidence of how aggressively regional authorities are enforcing the bloc's privacy legislation against major internet corporations.

What Actually Happened?

The penalty on Facebook was announced on Monday as a result of revelations made in the spring of 2021 that more than 530 million Facebook users' personal phone numbers and other profile information had been leaked by a hacker. 

In response, Meta claimed that the data came from widespread "scraping" of public profiles, which it claimed to have found and stopped in 2019.

The firm, then known as Facebook, claimed malicious actors had uploaded a huge number of phone numbers using a Facebook tool called "Contact Importer" to discover which ones matched the service's users. The business stated on Monday that it had made it impossible to utilize phone numbers to scrape its services in this manner starting in 2019.

In a privacy dispute, Ireland has penalized Meta and its affiliates, including WhatsApp and Instagram, three times in the past 15 months; the latest verdict brings monetary penalties to more than $900 million. 

The other complaints concern WhatsApp's openness about how it manages user data and Instagram's management of children's data. Meta is contesting those judgments.

How Did Meta Authorities React?

A spokesperson for Meta said that the company will look over the decision from Monday and has yet to decide if it will appeal. "Scraping data without permission is not okay and is against our rules," he said. Meta says that it has made many changes since then to protect users' data better. 

Who Is the Irish Regulator Which Fined Meta?

Due to the fact that Apple, Google, Tiktok, and other internet companies have their EU headquarters in Ireland, the Data Privacy Commissioner (DPC) is in charge of regulating them. There are presently 40 open investigations into these companies, including the 13 involving Meta. Under the General Data Protection Regulation (GDPR) "One Stop Shop" regime established by the EU in 2018, the regulator can levy fines of up to 4% of a company's global revenue.

Because Meta maintains its regional offices in Dublin, Ireland's Data Protection Commission, which oversees the enforcement of the EU's privacy rules for the corporation, claimed the company hadn't taken enough organizational and technical precautions to avoid such a breach. The regulator imposed a penalty and required Meta to take measures to prevent future violations.

For instance, the regulator recommended changing the default settings to prevent a user's personal information from potentially being shared with an infinite number of persons.

According to Ireland's privacy regulator, dozens more complaints involving numerous major tech corporations are still pending. One of them examines whether Meta can require users to accept advertisements that are tailored to them based on their activity in using the service. In contrast, another examines if some of the standard practices in digital ad auctions are in compliance with EU legislation.

Good Read: Top 10 Data Breaches of 2022 (So Far)

EU is Tightening Regulations for Tech Giants

Big tech corporations are subject to stricter regulation from the EU. Two new regulations targeting major tech firms have been passed by the bloc and are already being implemented. One of the limits of the law is potentially anticompetitive behavior, while the other requires them to demonstrate that they have effective content-moderation systems.

According to the corporations and EU officials, tech companies are currently discussing with the European Commission, the EU's executive body, to identify which parts of each new law will apply to the particular services they provide. Beginning in the middle of next year, certain parts of the new regulations will be put into effect.

The General Data Protection Regulation, or GDPR, the bloc's privacy law, has been in effect for almost five years. Still, it is only now that a number of decisions with hefty fines or significant commercial repercussions are being made.

Lessons For Users and Businesses

Data scraping has been a controversial topic in discussions about data privacy for a long time because it lets cybercriminals get private information about users. But it can also be used for good reasons. For example, it collects news sources, feeds stock information into APIs and trading applications, and keeps an eye on resellers' pricing agreements.

API (Application Programming Interfaces) are the backbone of modern software development. They provide a standard way for different applications to communicate with each other and exchange data. APIs simplify the development process, making it faster and more efficient to create new applications and integrate existing ones. APIs are essential for building robust, scalable, and flexible software solutions.

It's easy to keep web scrapers from getting your information. First, limit how many accounts you have on different social platforms. When it comes to social media, the more accounts you have, the more ways there are to attack you. Also, don't put your trust in online media platforms and Big Tech. They have a history of giving useful information to third parties on purpose.

For businesses to improve network security, it's important to use up-to-date protocols, professionals on staff, and certified third-party providers. Network security includes patch management, vulnerability scanning, network auditing, email spam filtering, data storage, and many other things that keep sensitive information from being scraped.

With so many privacy scandals and court cases, end-users and businesses must be as careful and as proactive as possible about their data privacy and security. Read more about cyber security jargon and gain some cybersecurity knowledge and save your mobile app from hackers. 

Published on Dec 5, 2022
Vaishali Nagori
Written by Vaishali Nagori
Vaishali is a Penetration Tester, as well as a Dancer and a Learner. She works as security consultant. She has worked with Web Applications, APIs, Android, and iOS Penetration Testing. She has secured over 70 applications from a variety of industries, including e-commerce, banking, management, gaming, trading, government, tax management, and financial services. She enjoys dancing and interacting with new people. You can find her on Linkedin:


Chat With Us

Using Other Product?

Switch to Appknox

2 Weeks Free Trial!

Get Started Now