Meta fined €250 million by Ireland data body over a 2018 breach

The said data breach affected approximately 29 million Facebook accounts globally, of which some three million were based in the EU/EEA. It was reported by Meta in September 2018. The personal data involved in the breach included account users’ full names, email addresses, phone numbers, locations, places of work, dates of birth, religions, genders, posts on timelines, groups of which a user was a member and children’s personal data.

The breach arose from the exploitation by unauthorised third parties of user tokens on the Facebook platform. It was remedied by Meta in Ireland and its US parent company Meta shortly after the discovery. But the damage was already done and it was immense.

Also read: OpenAI CEO Sam Altman to donate $1 million to Donald Trump’s inaugural fund

The decisions in relation to the breach, which were made by the Commissioners for Data Protection, Dr Des Hogan and Dale Sunderland, included a number of reprimands and an order to pay administrative fines totaling €251 million.

What did the Data Protection Commission say on the breach?

DPC Deputy Commissioner Graham Doyle said a grave risk of misuse of data had been caused.

Also read: Mark Zuckerberg’s Meta donates $1 million to Donald Trump’s inaugural fund: Report

According to Doyle, the enforcement action highlighted how the failure to build in data protection requirements throughout the design and development cycle can expose individuals to very serious risks and harms, including a risk to the fundamental rights and freedoms of individuals.

“Facebook profiles can, and often do, contain information about matters such as religious or political beliefs, sexual life or orientation, and similar matters that a user may wish to disclose only in particular circumstances. By allowing unauthorised exposure of profile information, the vulnerabilities behind this breach caused a grave risk of misuse of these types of data,” he added, according to PA Media.