Meta is sanctioned €251m ($263.5m) by the EU's data privacy regulator over the 2018 Facebook security breach. The attack, involving 29 million users, occurred due to cyber attackers’ manipulation of a bug in the social network’s “View As” function. This specifically helped users to see how the profile is visible to other individuals, which in turn led to a data leak.
EU Fines Meta €251M Over 2018 Facebook Data Breach
The flaw, which Meta revealed to Ireland’s Data Protection Commission (DPC) at the time, was opening a wide range of personal information. The leakage included full names and contact info, address and workplace details, date of birth, gender and religion, and even information about users’ children, as stated by the DPC.
The DPC also stated that Meta failed these tests for allowing people to make their personal data public, which was a huge risk that was bound to be exploited. The case has shifted attentiveness towards the safety of user information on such powerful social networking sites, together with the ways that potential shortcomings might be encrypted to allow for violations of this magnitude.
This fine is among the increased regulatory pressures that Meta faces in Europe over its processing of user data. The company has been fined for the violation of privacy rights also before, and this new penalty also speaks volumes about the increasing value of data protection in the modern world.
The regulatory actions that would be taken against Meta for this and the fine it paid will determine the actions to take against it in the future. The growth of more restrictive legislation in relation to personal data protection around the globe means that businesses will have to up the ante to ensure that mishaps are not very costly for them as well as safeguard the user’s data.
Meta Faces €251M Fine Over 2018 Data Breach as EU Scrutiny Intensifies
The data leakage was detected by the company in 2018 and was immediately responded to, the Data Protection Commission stated. The breach involved 29 million Facebook accounts throughout the world, with about 3 million people simply in the EU and EEA. It also leaked user information and thereby raised questions of user privacy.
The DPC is Ireland-based and bears the responsibility of the lead EU regulator for large American technology giants owing to their operations in the EU. This central role has placed the DPC as one of the leading enforcers of the European Union’s strict data privacy laws, including the General Data Protection Regulation (GDPR) launched in 2018.
Meta has incurred serious penalties for the management of users’ data since the implementation of GOP. The DPC has recently fined the company almost €3 billion over a range of infringements, and the subsequent cases show that large tech companies are increasingly likely to face huge financial penalties for data protection violations.
Meta was the firm that has experienced one of the highest penalties in the GDPR regulating structure, namely €1.2 billion in 2023. This fine, which Meta is challenging, shows that EU regulators will not compromise when it comes to enforcing users' privacy laws and/or punishing companies that mishandle users’ data.
More specifically, Meta is still struggling with regulatory issues in Europe, so the reactions to such fines and the further privacy problems are awaited. The rising trend of and increasingly large penalties indicates that the giants have to ramp up the protection of data to prevent further legal penalties.
Meta to Appeal €251M EU Fine Over 2018 Data Breach
In September 2020, Meta indicated that it will appeal against the €251 million fine that was inflicted by the EU over a 2018 Face book data debacle. The company said that it has taken numerous steps to protect the users’ data in its applications, claiming that security problems are promptly resolved. Meta managing user data has come under much criticism, especially in the aftermath of data breaches.
A Meta spokesperson came out to defend the company’s response, saying that it acted immediately to fix the problem when it was realized that someone had gained unauthorized access to the top-tier bank. Meta also said that the company cooperated with those affected and took necessary actions in relation to the breach, as well as cooperating with the Irish Data Protection Commission (DPC). It has, in fact, argued that they are examples of its commitment to the privacy of users.
Still, according to these claims, the DPC discovered that the breach revealed the personal details of millions of Facebook users. Therefore, the fine was issued as part of the enforcement of the strong regulation of the data protection under the GDPR of the EU. This breach remains the primary issue that Meta companies have been experiencing in the current legal disputes.
It is believed that Meta will mainly argue that the gravity of the fine is so high as they regard the severity of the breach they addressed. The company is appealing the verdict while at the same time insisting that it responded promptly and immediately. That would mean that the outcome of the appeal could set a precedent on the enforcement of GDPR regulations in the global market.
With efforts to rectify the fine and the breach simultaneously, Meta is still on the European watchlist. This brings us to the question of data protection and penalties that organizations are bound to suffer for negligence on the part of the company they represent in the era of social media and increased cybersecurity threats.
