"The Data Protection Commission (DPC) announces (...) the conclusion of an investigation into Meta Platforms Ireland Limited", a subsidiary of Meta and "body which controls the data of the social network Facebook, imposing a fine of 265 million euros and a series of corrective measures," according to a statement on Monday.
The DPC announced in April 2021 the opening of an investigation targeting Facebook on behalf of the EU, after the revelation of a hacking by hackers of the data of more than 530 million users dating back to 2019.
The investigation focused on the applications "Facebook Search, Facebook Messenger Contact Importer and Instagram Contact Importer (...) between May 25, 2018 and September 2019", and sought to know if Meta had protected the data of its users sufficiently at the under European regulations.
Facebook has its European headquarters in Ireland and it is therefore up to the Irish regulator to lead the investigation for the European Union (EU).
The decision to impose a fine on Meta and its subsidiaries concerned was taken on Friday following findings of "breaches of European regulations (GDPR)", details the DPC.
It therefore issued an "order asking MPIL for a series of corrective actions" and an administrative fine.
The hack used a method known as "scraping" Facebook profiles via software that mimics the network's functionality that helps members easily find friends, scraping contact lists.
"Protecting people's personal data is critical to how our business operates," a Meta spokesperson said.
"That's why we have fully cooperated with the Data Protection Commission on this important issue. We have made changes to our systems," he added.
The GDPR, launched in 2018, gives regulators more power to protect consumers from the dominance of Facebook, Google, Apple and Twitter, which, attracted by favorable taxation, have chosen Ireland as their home base.
The settlement provides that regulators can impose a fine of up to 4% of the global turnover of these groups.
In the case of Facebook, the hacked data in question was partly published on a hacker forum in early April and is the work of "malicious actors", Facebook explained.
The European Union and certain member countries have multiplied in recent years the disputes with the American digital giants on the protection of personal data but also on taxation, or abuse of a dominant position, among others.
© 2022 AFP