The Irish privacy regulator DPC has imposed a GDPR fine of 265 million euros, around 0.5 per leaked dataset, on Meta for a major data breach at Facebook that left the data of 533 million users on the street. Last year, Ireland’s data protection authority launched an investigation after media reported about a dataset of 533 million Facebook users being offered on the internet. It involved Facebook ID, full name, phone number, gender, location, previous location, date of birth, in some cases email address, relationship status and other information. The data was collected through scraping, which abused a feature of the platform. The DPC reports that Facebook has violated Article 25 (1 and 2). The article deals with data protection ‘by default and design’ and states that processors take appropriate technical and organizational measures to ensure that, in principle, only personal data is processed that is necessary for each specific purpose of the processing, but also minimal data processing. In addition to the fine of 265 million euros, Meta must also implement corrective measures within a certain time. Do you think 0,50 Euros is enought when malicious people use your dataset for social engineering, scams, hacking and marketing?
