Ireland: Issued EUR 265 million fine to Facebook for personal data breach (“Data Scraping” Inquiry)

On 25 November 2022, the Irish Data Protection Commission (DPC) announced it had concluded its investigation into Meta for a personal data breach by Facebook during the period between 25 May 2018 and September 2019. The DPC found that Facebook had violated the data protection by design and default requirements outlined in Article 25 of the EU General Data Protection Regulation after a compiled dataset of Facebook personal data had been made public on the internet. The DPC imposed a fine on Meta of EUR 265 million.