Meta has copped another big fine in Europe, with the Irish Data Protection Commission (DPC) today issuing the company with a €251 million ($US263 million) penalty for a data breach that occurred back in 2017.
As explained by TechCrunch, back in 2017, Facebook’s systems were infiltrated by hackers due to a vulnerability in a video upload function. According to the DPC, these hackers then accessed personal information of 29 million Facebook users globally, of which 3 million were based in the EU/EEA.
As per the DPC:
“The categories of personal data affected included: user’s full name; email address; phone number; location; place of work; date of birth; religion; gender; posts on timelines; groups of which a user was a member; and children’s personal data.”
The DPC found that Meta had failed in upholding key data protection principles, which has resulted in a big fine for the company.
“This enforcement action highlights how the failure to build in data protection requirements throughout the design and development cycle can expose individuals to very serious risks and harms, including a risk to the fundamental rights and freedoms of individuals. Facebook profiles can, and often do, contain information about matters such as religious or political beliefs, sexual life or orientation, and similar matters that a user may wish to disclose only in particular circumstances. By allowing unauthorised exposure of profile information, the vulnerabilities behind this breach caused a grave risk of misuse of these types of data.”
So another penalty for Zuck and Co. to add to their outgoings. Though it’s not even the biggest fine the company has been hit with from EU officials this year.
Just last month, Meta received a €797.72 million ($US841 million) fine due to breaches of EU antitrust rules related to the linking of Facebook Marketplace to Facebook, and the market advantages that provides for Facebook’s user-listed market service.
Last year, Meta also copped a $US1.3 billion fine from the European Data Protection Board (EDPB) related to the transfer of EU user data back to the US without explicit permission or adequate protections in place. The company was also fined $US414 million for illegally forcing users to accept personalized ads in its apps, while it remains under investigation over potential DSA and DMA compliance failures.
So a heap of money flowing out of Meta, and into EU regulator coffers. And really, by this stage, Meta should probably be putting aside $500 million each year for EU fines.
That’s not to say these are unfounded, or unfair, as EU regulations are what they are, and Meta needs to adhere to the rules of each marketplace. But that’s a lot of money. A billion in fines, in just the last few weeks, is a huge hit that Meta will now have to factor into its earnings.
But then again, Meta’s on track to make, like, $160 billion in revenue for the full year, so it’s not like this will put a significant dent in its numbers. The sheer scale of its business also seems to be why so many governments and regulators are keen to make Meta pay for sometimes spurious violations or revenue share deals, because it has the money.
Which isn’t entirely fair, but again, despite the fines being so significant, they’re not going to impact Meta’s bottom line a whole lot.
But it is another consideration that will have some bearing on Meta’s Q4 and full year earnings. And while Meta may look to appeal, it is going to have to pay something, as it looks to appease regulatory concerns.