Ireland’s Data Protection Commissioner (DPC) has placed yet another fine of €265 million ($277 million) on Meta following Facebook’s data scraping case. The penalty was levied at the social media app for being unable to prevent millions of phone numbers, email addresses, and other personal data from being ‘scraped’ and published onto the internet. This fine was concurred by other European data regulators.
The failure to protect such data led to the publication of personal data of Irish police officers, sitting judges, prison officers, social workers, journalists, and others, leading to a spike in scam calls and texts in Ireland and Europe.
This follows last year’s sanctioning of Whatsapp which resulted in a €225 million ($267 million) fine for Meta after they failed to adequately provide details of how they processed personal data. At the time, WhatsApp appealed the decision.
In March, Facebook was given another fine of €17 million ($18.6 million) by DPC for organization inadequacies followed by a record €405 million ($402 million at the time) penalty on Instagram in September 2022 for not protecting the privacy of children’s accounts.
According to Irish Independent’s report, the total amount of fines levied on Meta by Ireland’s regulator is at €912 million throughout the last 12 months.
- Facebook data of 500M+ users from 106 countries leaked online
- Facebook sues developer of data scraping extensions for Chrome
- Chinese firm leaked 200m Facebook, Instagram, LinkedIn users’ data
- Exclusive: Hacker selling 500M Facebook user data from 82 countries
- Facebook sues Ukrainian man for scraping and selling 178m users’ data
- Leaked database exposed login data of 100k hacked Facebook accounts
In the Facebook data scraping case, 1.3 million Irish Facebook accounts were affected while hundreds of millions were affected globally. Facebook defended itself by blaming “bad actors” who had “scraped” Facebook’s website for personal details.
But Ireland’s DPC found such a defense unjustified since it was Facebook that had not designed its security system in a way to counter and stop such “scraping” from happening.
Facebook, the DPC found, had failed GDPR provisions obliging the company to “implement appropriate technical and organizational measures”. It also found that Facebook failed GDPR rules that require it to implement “appropriate technical and organizational measures” which “ensure that, by default, personal data are not made accessible without the individual’s intervention”.
What is Data Scraping?
Data scraping or web scraping is the process of extracting data from websites. It can be done manually by a user, but it is more commonly done using automated tools. Automated data scraping tools can extract data from multiple web pages and store it in a format that can be used for further analysis.
Data scraping can be used to collect data about products, prices, reviews, and more. It can also be used to automatically fill out forms or to scrape the contact information from websites.