Meta fined €265 million by Ireland's Data Protection Commission

Meta's had a tough year with regard to Europe's General Data Protection Regulation (GDPR). Its latest run-in with the data protection regulation comes courtesy of Ireland's Data Protection Commission (DPC), which imposed a €265 million fine against the social media giant today.

The fine, as well as a "range of corrective measures," was levied based on the findings of an inquiry into Meta's Irish branch, Meta Platforms Ireland Limited (MPIL). The inquiry began in April of 2021 to find out the root cause of a massive data breach that affected over 530 million Facebook users.

The user data was scraped throughout 2019 by using exploits in Facebook Messenger Contact Importer and Instagram Contact Importer. Facebook reported that it fixed these holes in September 2019. However, The DPC's inquiry found that, during the time of the data scraping, the tools were not in compliance with the GDPR's "obligation for data protection by design and default," laid out in Article 25 of the regulation.

The DPC found that Meta violated Article 25 on two points (paragraph 1 and paragraph 2) and reached the decision to fine the social media company on Friday, November 25.

The €265 million fine marks the fourth time since the Irish DPC has fined Meta for GDPR violations since Autumn 2021. Including this ruling, Meta and its subsidiaries have been fined a total of €912 million (roughly US$942 million) by the DPC over the past 14 months. Other fines include a €405 million (~US$418 million) penalty for Instagram's mishandling of the data of minors.