Meta fined €265 million for publishing online personal data attributed to Facebook users

Meta has been fined €265 million by the Irish data protection authorities after a detailed investigation revealed that Facebook exposed the data of 533 million users online. Among the personal data “leaked” on the internet between 2018 and 2019 were users’ email addresses, phone numbers, dates of birth and hometowns.

The CPD authority’s investigation began in April 2021 in response to revelations in the press about the discovery of a huge database that had been published on the internet. The investigation specifically targeted suspected breaches of one aspect of European GDPR legislation, Data Protection by Design and Default, against which Meta has already received a “guilty” verdict for refusing to adhere to these rules.

The DPC decision voted on last week covers two breaches of GDPR law, with the Meta giant required to rectify the irregularities found by implementing actions imposed by European authorities within a specified timeframe.

Beyond the security breaches already amended, the measures imposed also aim to ensure wider cooperation with supervisory and data protection authorities across the EU, ensuring that CPD decisions are complied with in a way that prevents similar situations arising in the future.