Penalties for 12 Facebook data breaches announced: violations of GDPR, fines of more than 100 million yuan

Following a $90 million fine in the United States last month, Facebook's parent company, Meta, was fined another 17 million euros (about 119 million yuan) in Ireland for an old case.

Recently, the Irish Data Protection Commission (DPC) announced that, following its investigation into 12 data breaches in 2018, it found that Meta failed to take appropriate technical and organizational measures to protect the data of EU users, in violation of the EU General Data Protection Regulation (GDPR), and that Meta will be fined 17 million euros.

DPC issues an announcement

While the DPC didn't list all the details of the 12 data breaches, in September 2018 the tech giant publicly disclosed a major hack that took advantage of security flaws in Facebook and affected at least 30 million accounts. The vulnerability dates back to July 2017, when hackers obtained account access tokens, i.e. data such as the user's username and password, and the stolen tokens allowed hackers to break into the accounts.

In response to the DPC's allegations, Meta denied that the fine stemmed from personal information protection violations. "This fine is for record-keeping in 2018, not a personal information protection violation, and we've updated it since then," a Meta spokesperson said. "We are conscientious in fulfilling our obligations under the GDPR and will carefully consider the relevant decisions in the subsequent development process."

Nandu noted that, because the review of Meta involves "cross-border" processing, Ireland regards all European data protection authorities as co-decision makers. Two European regulators objected to the draft decision for the investigation, and agreement was later reached with Ireland. The same thing arose in the investigation into Twitter's security breaches, as well as in the investigation into the transparency decisions of Meta's subsidiary WhatsApp.

It is worth noting that the fines under the GDPR can be as high as 4% of the company's annual global turnover. In 2021, Meta's total revenue was $117.929 billion, a far cry from the €17 million fine.

It is understood that just last month, Meta reached a settlement agreement in a California lawsuit with a compensation amount of $90 million. In the lawsuit, users accused Facebook of continuing to track their online behavior after they logged out. According to the settlement, Meta denied that there had been misconduct and said that the settlement was "only to circumvent the costs and risks of litigation".

Frances Haugen, Facebook's "whistleblower" and former product manager, argues that Facebook is so good at "processing data" that one can't just ask the tech giant to hand over the data happening on its platform, but rather that it should explicitly explain all of its data sets, including the details of the queries it uses to obtain the data and generate oversight audits.

Image credit: BENOIT DOPPAGNE/BELGA MAG/AFP/Getty

Compilation/Synthesis: Intern Ji Hanya, Nandu reporter Jiang Lin

Editor: Jiang Lin
