Facebook’s parent company has been fined €265m by the Irish Data Protection Commission.

It comes after the personal information of hundreds of millions of Facebook users was published online.

The Data Protection Commission (DPC) opened the investigation after the information, which included the names, phone numbers and email addresses of over 530 million users, were posted to an online forum.

It found Meta to be in breach of GDPR and imposed fines totalling €265 million alongside orders to take a range of action to bring the company up to code.

Privacy

This afternoon, a Meta spokesperson said the company cooperated fully with the investigation.

"Protecting the privacy and security of people’s data is fundamental to how our business work,” she said.

“That’s why we have cooperated fully with the Irish Data Protection Commission on this important issue.

“We made changes to our systems during the time in question, including removing the ability to scrape our features in this way using phone numbers.

“Unauthorised data scraping is unacceptable and against our rules and we will continue working with our peers on this industry challenge. We are reviewing this decision carefully.”

Data scraping

Meta said ‘data scraping’ impacts on companies of all sizes and is “impossible to totally prevent”.

The company has put in place a range of new measures to reduce the threat, including rate limits, technical and automatic investigative tooling and working with threat intelligence researchers.

Users are urged to use Facebook’s privacy settings to make it harder for their information to be misused.