The Data Protection Commission (DPC) had opened an investigation in April 2021 on behalf of the European Union, following the revelation of the hacking of the data of more than 530 million Facebook users in 2019. The Irish regulator revealed Monday, November 28 the conclusions of its investigation and sanctioned the American giant of social networks Meta, parent company of Facebook, with a fine of 265 million euros, for failure to protect the data of its users.

The Data Protection Commission (DPC) announces […] the conclusion of an investigation into Meta Platforms Ireland Limited”, a subsidiary of Meta and “body which controls the data of the social network Facebook, imposing a fine of 265 million euros euros and a series of corrective measures,” the statement further states.

The investigation focused on the applications “Facebook Search, Facebook Messenger Contact Importer and Instagram Contact Importer […] between May 25, 2018 and September 2019”, and asked whether Meta had sufficiently protected its users’ data with regard to European regulations.

Facebook has its European headquarters in Ireland and it is therefore up to the Irish regulator to lead the investigation for the European Union (EU). The decision to impose a fine on Meta and its subsidiaries concerned was taken on Friday following findings of “breaches of European regulations (GDPR)”, details the DPC. She therefore issued an “Order to MPIL for a series of corrective actions” and an administrative fine.

The hack used a method known as “scraping” Facebook profiles via software that mimics the network’s functionality that helps members easily find friends, scraping contact lists.

“Protecting people’s personal data is critical to how our business operates,” a spokesperson for Meta said. “That is why we have fully cooperated with the Data Protection Commission on this important matter. We have made changes to our systems,” he added.

The GDPR, launched in 2018, gives regulators more power to protect consumers from the dominance of Facebook, Google, Apple and Twitter, which, attracted by favorable taxation, have chosen Ireland as their home base. The settlement provides that regulators can impose a fine of up to 4% of the global turnover of these groups.

In the case of Facebook, the hacked data in question was partly posted on a hacker forum in early April and is the work of “malicious actors”, Facebook explained.

The European Union and certain member countries have multiplied in recent years the disputes with the American digital giants on the protection of personal data but also on taxation, or abuse of a dominant position, among others.