Ireland is once again slapping Meta with a hefty fine, this time to the tune of $277 million for failing to protect user data from scraping.
Data scraping is the process of using automated methods and scripts to collect data from a website. The data may be publicly available or require access. News of the scraping breach first broke in early 2021, although the actual incident occurred prior to 2020. In all, some 533,000,000 Facebook accounts were impacted.
Ireland’s Data Protection Commissioner (DPC) has now levied the third-largest fine against Meta, saying the company did not do enough to protect its users’ data and prevent personal information, phone numbers, email addresses, and more from being scraped.
According to Independent.ie, some 1.3 million Irish Facebook accounts were impacted. Some of the impacted accounts included “gardai, sitting judges, prison officers, social workers, journalists and others.” The breach also coincides with a spike in scam attempts across the EU and Ireland.
“The material issues in this inquiry concerned questions of compliance with the GDPR obligation for data protection by design and default,” the DPC said in a statement. “The DPC examined the implementation of technical and organisational measures pursuant to Article 25 [of] GDPR.”
The investigation was evidently started last year, after news of the breach.
“The DPC commenced this inquiry on 14 April 2021, on foot of media reports into the discovery of a collated dataset of Facebook personal data that had been made available on the internet,” the DPC statement said.
“The scope of the inquiry concerned an examination and assessment of Facebook Search, Facebook Messenger Contact Importer and Instagram Contact Importer tools in relation to processing carried out by Meta Platforms Ireland Limited during the period between 25 May 2018 and September 2019.”
To make matters worse, Facebook apparently is not interested in accepting full responsibility for the incident or fully committing to preventing such incidents in the future. In fact, as we previously covered at WPN, Facebook accidentally sent a memo to a journalist in which the company complained about the negative coverage it was receiving over the breach.
In the memo, the company also outlined its goals moving forward, including efforts to “normalize the fact that this activity happens regularly.”
Thankfully, Ireland’s DPC doesn’t believe data scrapping should be accepted as ‘normal’ and is holding Meta’s feet to the fire.