Meta has been found in violation of Europe's GDPR rules requiring the social media giant to protect user data by "design and default."

Dark Reading Staff, Dark Reading

November 28, 2022

1 Min Read
Image of GDPR seal
Source: ikaross via Alamy Stock Photo

Following the discovery of a data set of Facebook user personal data available on the Internet, the European Union's Data Protection Commission (DPC) has found Meta Platforms Ireland Ltd. (MPIL) in violation of General Data Protection Regulation rules, fining the platform $275 million (€265 million), and requiring the company to make cybersecurity changes. 

The breached personal data was first discovered in April 2021, and followed by the launch of a DPC investigation, the regulator explained in an announcement of its findings. DPC reported that Facebook was out of compliance with the GDPR regulation to provide "data protection by design and default." As a result a threat actor was able to use "data scraping" to exfiltrate massive amounts of collated personal user data, the DPC said.

"The decision imposed a reprimand and an order requiring MPIL to bring its processing into compliance by taking a range of specified remedial actions within a particular timeframe," the DPC ruled. "In addition, the decision has imposed administrative fines totaling €265 million on MPIL." 

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights