Executive Summary

The Irish DPC fined Meta €265 million for failing to protect user data 'by design and by default' under GDPR, after 533 million Facebook users' data was scraped and leaked online. The data had been harvested through a vulnerability in Facebook's contact importer tool before September 2019.

What Happened

On November 25, 2022, Ireland's Data Protection Commission fined Meta €265 million for violating GDPR's Data Protection by Design and Default requirements. The inquiry examined the Facebook Search, Facebook Messenger Contact Importer, and Instagram Contact Importer tools as used between May 2018 and September 2019. The investigation was launched in April 2021 after the personal data of 533 million Facebook users, including phone numbers, locations, birthdates, Facebook IDs, full names, and email addresses, was discovered leaked on a hacking website. The data had been scraped through a vulnerability in Facebook's contact importer tool that was fixed in 2019.

Who Is Affected

533 million Facebook users worldwide were affected by this data leak. The leaked dataset contained highly personal information including phone numbers, locations, birthdates, Facebook IDs, full names, and email addresses from the 2018-2019 period.

Why It Matters

This €265 million fine is the third-largest penalty issued under GDPR to date and demonstrates increasingly strict enforcement of data protection requirements by European regulators. The case establishes that companies must implement technical and organizational measures to protect user data from the design stage, not just respond after breaches occur. It follows other significant Meta penalties, including a €405 million fine in September 2022, and contributes to a GDPR fine total that now exceeds €2 billion.

What You Should Do

If you were a Facebook user between 2018 and 2019, assume your personal data including phone number, location, birthdate, and email address may have been exposed. Review your Facebook privacy settings and consider changing passwords and email addresses associated with your account. Monitor for suspicious activity or phishing attempts that may use your leaked personal information, and be cautious of unexpected contacts claiming to have obtained your details from Facebook.

AI-Assisted

Event summaries are generated by Claude AI from verified sources and reviewed by humans before publication.