IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

"Unacceptable" data scraping lands Meta a £228m data protection fine

The much-awaited decision follows the scraping of half a billion users' data and received unanimous approval from EU regulators

Meta has been fined €265m (£228m) by the Irish Data Protection Commission (DPC), following a prolonged inquiry into a data scraping incident.

The DPC imposed a reprimand against Meta, leveraged the administrative fine against the firm, and ordered it to take specific remedial measures within a specific time frame in order to bring its processing of personal data into compliance with EU law. 

The decision comes after a 17-month inquiry into the company, after it was discovered that personal data from the Facebook accounts of 533 million users was publicly available on a hacking forum.

This had been scraped from Facebook between May 2018 and September 2019 through the use of tools intended to link users to their friends using phone numbers.

As part of its decision, the DPC did not find that the incident constituted a hack, data breach, or security practice failing. In a press release on the decision, the DPC stated that the inquiry and decision process included “cooperation with all of the other data protection supervisory authorities within the EU”, and that all agreed on the final decision.

"Protecting the privacy and security of people’s data is fundamental to how our business works,” a Meta spokesperson told IT Pro

“That’s why we have cooperated fully with the Irish Data Protection Commission on this important issue. We made changes to our systems during the time in question, including removing the ability to scrape our features in this way using phone numbers. 

Related Resource

Five common data security pitfalls

Learn how to improve your security posture

Dark shaded blue whitepaper cover with titleFree Download

“Unauthorised data scraping is unacceptable and against our rules and we will continue working with our peers on this industry challenge. We are reviewing this decision carefully.”

The decision has brought the total amount that Meta has paid in data privacy fines within Europe to €1 billion (£863,000), with the DPC having ordered Meta subsidiary Instagram to pay a record €405 million in September for a violation of GDPR involving data processing for the platform’s 13-17-year-old users. The commission found that children in this age range could set up business accounts, set to 'public' by default.

“Meta is on a losing streak,” said Sarah Coop, analyst at data and analytics company GlobalData.

“Privacy breaches damage consumer trust, which is already dwindling for Meta. Its central social media platform, Facebook, is struggling to attract younger users due to strong competition from other platforms like TikTok. The company has also reportedly lost $9.4 billion on its metaverse business unit and has recently restructured, laying off 11,000 employees.”

“GDPR fines are simply collateral damage for Big Tech. While fines can be large, at up to 4% of global turnover, most Big Tech consider it the cost of doing business. However, consumer confidence will be important for the metaverse, and cybersecurity breaches and data privacy fines further taint Meta’s already tarnished reputation.”

However, some in the industry have pointed out that the mishandling of personal data is far from a problem unique to Meta.

“Meta should not be the scapegoat of those worried about misuse of personal data,” said Paul Brucciana, cyber security advisor at WithSecure

“4.1 billion records leaked in the first 6 months of 2019 alone. In a recent poll of 1,000 US companies, nearly half (45%) claim they have faced a major data breach within the past five years. The situation is unlikely to be less grave anywhere else.”

In addition to following the decision made by the DPC, Meta has outlined a number of practices that it has already implemented in order to tackle data scraping on its platforms.

The firm has employed tactics such as rate limiting to prevent scrapers from using platforms at an abnormal speed, automated tools for investigation, and hunting down datasets with the help of threat intelligence researchers.

Meta stated that users can tailor their privacy settings to limit the amount of data visible on their profile, which in turn reduces data misuse. 

The fine comes amidst a record low for Meta’s finances. In October, the company’s earnings call painted a bleak picture, with net income down 52% against a 19% surge in spending.

The firm’s commitment to developing metaverse tech, driven in no small part by CEO Mark Zuckerberg, has led to record spending by the company on its Reality Labs division, with almost $10 billion allocated this year alone, and more locked in for 2023. 

Since its earnings call, Meta has cut 11,000 staff amidst calls by Zuckerberg for a more capital-efficient company. The firm has admitted that its growth has not hit the anticipated targets, and Zuckerberg has indicated that its current financial situation is down to a mixture of macroeconomic factors and an overly-optimistic investment strategy. 

Featured Resources

2023 Strategic roadmap for data security platform convergence

Capitalise on your data and share it securely using consolidated platforms

Free Download

The 3D trends report

Presenting one of the most exciting frontiers in visual culture

Free Download

The Total Economic Impact™ of IBM Cloud Pak® for Watson AIOps with Instana

Cost savings and business benefits

Free Download

Leverage automated APM to accelerate CI/CD and boost application performance

Constant change to meet fast-evolving application functionality

Free Download

Recommended

Latest Meta GDPR fine brings 12-month total to more than €1 billion
General Data Protection Regulation (GDPR)

Latest Meta GDPR fine brings 12-month total to more than €1 billion

5 Jan 2023
Meta to pay $725 million in Cambridge Analytica lawsuit settlement
social media

Meta to pay $725 million in Cambridge Analytica lawsuit settlement

23 Dec 2022
Meta cuts 11,000 staff, citing wrong call on investment
Careers & training

Meta cuts 11,000 staff, citing wrong call on investment

10 Nov 2022
Meta's earnings are 'cause for concern' and 2023 looks even bleaker
Business strategy

Meta's earnings are 'cause for concern' and 2023 looks even bleaker

27 Oct 2022

Most Popular

Yandex data breach reveals source code littered with racist language
data breaches

Yandex data breach reveals source code littered with racist language

30 Jan 2023
Dutch hacker steals data from virtually entire population of Austria
data breaches

Dutch hacker steals data from virtually entire population of Austria

26 Jan 2023
What's powering Britain’s fibre broadband boom?
Network & Internet

What's powering Britain’s fibre broadband boom?

3 Feb 2023