Meta fined €251 million over data breach that affected 29 million Facebook users globally Nexovant

Social media company, Meta, has been slammed a €251 million in Europe over a 2018 personal data breach that impacted 29 million Facebook users globally.

The Irish Data Protection Commission (DPC), which announced the fine on Tuesday, said Meta Platforms Ireland Limited (‘MPIL’) reported the breach in September 2018.

Of the 29 million Facebook users affected by the breach, the DPC said approximately three million were based in the EU.

It added that the categories of personal data affected included: user’s full name; email address; phone number; location; place of work; date of birth; religion; gender; posts on timelines; groups of which a user was a member; and children’s personal data.

The breach

The data protection watchdog said the breach arose from the exploitation by unauthorised third parties of user tokens on the Facebook platform.

Between September 14 and September 28, 2018, the DPC said unauthorised persons used scripts to exploit this Facebook vulnerability and gained the ability to log on as the account holder
It, however, pointed out that the breach was remedied by MPIL and its US parent company shortly after its discovery.

“The decisions, which were made by the Commissioners for Data Protection, Dr. Des Hogan and Dale Sunderland, included a number of reprimands and an order to pay administrative fines totalling €251 million,” the DPC stated.

GDPR infringements

The Commission said two decisions were taken against Meta after its investigations revealed infringement of the GDPR.

On its first decision, the Commission said Meta breached Article 33(3) of the GDPR by not including in its breach notification all the information required by that provision that it could and should have included.

“The DPC reprimanded MPIL for failures in regards to this provision and ordered it to pay administrative fines of €8 million.

“By failing to document the facts relating to each breach, the steps taken to remedy them, and to do so in a way that allows the Supervisory Authority to verify compliance.

“The DPC reprimanded MPIL for failures in regards to this provision and ordered it to pay administrative fines of €3 million,” it added.

On the second decision, the DPC said Meta contravened Article 25(1) of the GDPR by failing to ensure that data protection principles were protected in the design of processing systems.
The DPC found that MPIL had infringed this provision, reprimanded MPIL, and ordered it to pay administrative fines of €130 million.
The DPC said it also found that MPIL had infringed the provisions of Article 25(2) of the GDPR, and ordered it to pay administrative fines of €110 million.

Commenting on the decisions, DPC deputy commissioner Graham Doyle said:

“This enforcement action highlights how the failure to build in data protection requirements throughout the design and development cycle can expose individuals to very serious risks and harms, including a risk to the fundamental rights and freedoms of individuals.

“Facebook profiles can, and often do, contain information about matters such as religious or political beliefs, sexual life or orientation, and similar matters that a user may wish to disclose only in particular circumstances.

“By allowing unauthorised exposure of profile information, the vulnerabilities behind this breach caused a grave risk of misuse of these types of data.”

What you should know

The latest fine against Meta comes barely a month after the EU slammed a landmark €797 million fine against the Mark Zuckerberg company for linking its classified ads platform, Facebook Marketplace, directly to its core social network, Facebook, and imposing unfair trading conditions on other online classified ad providers.

In July, Nigeria’s Federal Competiton and Consumer Protection Commission (FCCPC) and the Nigeria Data Protection Commission (NDPC) also imposed a $220 million fine against Meta Platforms Incorporated following a joint investigation into the company’s conduct, privacy policies, the operation thereof, and practices between May 2021 and December 2023.
The final order highlighted Meta’s alleged infringements to include, denying Nigerian data subjects the right to self-determine; unauthorized transfer and sharing of Nigerian data-subjects personal data, including cross-border storage in violation of then, and now prevailing law; discrimination and disparate treatment and abuse of Dominance.

Looking to Invest in Real Estate? Discover Nexovant Today!
Nexovant is Nigeria’s leading real estate platform, offering seamless solutions for property listings, real estate investment, and property management. Whether you’re searching for the best properties in Nigeria, seeking opportunities with our NexoVest real estate investment platform, or exploring innovative tools like Morena AI, Nexovant is your trusted partner in real estate success.

We specialize in:

Real estate investment opportunities in Nigeria.
Affordable property listings for sale and rent.
AI-powered solutions for smarter property searches.
Real estate development and management services.
Join thousands of investors and property owners today. With Nexovant, you can buy, sell, rent, or invest in some of the best real estate in Nigeria.

Explore Nexovant:

📍 Visit us: www.nexovant.com
💡 Learn more about NexoVest: Your gateway to profitable real estate investments.
🌟 Discover Morena AI: Revolutionizing property search and analytics.
Keywords:

Best real estate platform in Nigeria
Real estate investment opportunities in Nigeria
Property for sale and rent in Nigeria
Real estate development and property management
AI in real estate Nigeria
Affordable real estate investments
Top property listing websites in Nigeria
Stay ahead in the real estate market with Nexovant – the future of real estate innovation in Africa.

Source