Meta Fined $263M in Europe Over User Data Breach

Meta has copped another big fine in Europe, with the Irish Data Protection Commission (DPC) today issuing the company a hefty penalty for a data breach that occurred back in 2017.

As explained by TechCrunch, back in 2017, Facebook’s systems were infiltrated by hackers due to a vulnerability in a video upload function. According to the DPC, these hackers then accessed personal information of 29 million Facebook users globally, of which 3 million were based in the EU/EEA. As a result, the company has been issued a fine of $263 million (251 million euros).

As per the DPC:

“The categories of personal data affected included: user’s full name; email address; phone number; location; place of work; date of birth; religion; gender; posts on timelines; groups of which a user was a member; and children’s personal data.”

The DPC found that Meta had failed in upholding key data protection principles, which has resulted in a big fine for the company.

“This enforcement action highlights how the failure to build in data protection requirements throughout the design and development cycle can expose individuals to very serious risks and harms, including a risk to the fundamental rights and freedoms of individuals. Facebook profiles can, and often do, contain information about matters such as religious or political beliefs, sexual life or orientation, and similar matters that a user may wish to disclose only in particular circumstances. By allowing unauthorised exposure of profile information, the vulnerabilities behind this breach caused a grave risk of misuse of these types of data.”

So another penalty for Zuck and Co. to add to their outgoings. Though it’s not even the biggest fine the company has been hit with from EU officials this year.

Just last month, Meta received a $841 million (797.72 million euros) fine due to breaches of EU antitrust rules related to the linking of Facebook Marketplace to Facebook, and the market advantages that provides for Facebook’s user-listed market service. 

Last year, Meta also copped a $1.3 billion fine from the European Data Protection Board (EDPU) related to the transfer of EU user data back to the U.S. without explicit permission or adequate protections in place. The company was also fined $414 million for illegally forcing users to accept personalized ads in its apps, while it’s remains under investigation over potential DSA and DMA compliance failures.

So a heap of money flowing out of Meta, and into EU regulator coffers. And really, by this stage, Meta should probably be putting aside $500 million each year for EU fines.

That’s not to say these are unfounded, or unfair, as EU regulations are what they are, and Meta needs to adhere to the rules of each marketplace. But that’s a lot of money. A billion in fines, in just the last few weeks, is a huge hit, that Meta will now have to factor into its earnings.

But then again, Meta’s on track to make, like, $160 billion in revenue for the full year, so it’s not like this will put a significant dent in its numbers. The sheer scale of its business also seems to be why so many governments and regulators are keen to make Meta pay for sometimes spurious violations or revenue share deals, because it has the money.

Which isn’t entirely fair, but again, despite the fines being so significant, they’re not going to impact Meta’s bottom line a whole lot.

But it is another consideration, that will have some bearing on Meta’s Q4 and full year earnings. And while Meta may look to appeal, it is going to have to pay something, as it looks to appease regulatory concerns.