Meta is framing the lawsuit as an opening volley in a war against data scraping and invasive surveillance by law enforcement partners. The surveillance company has clearly gone farther than is usual given the creation of some 38,000 fake accounts.
Irish DPC has handed down a €390 million fine to Meta over its targeted advertising practices on Facebook and Instagram. The fine stems from a long legal battle over Meta's claim that users enter into an implicit contract agreeing to receive personalized ads when they accept the terms of service.
Up to 87 million Facebook accounts had user data inappropriately accessed during the Cambridge Analytica scandal, in which a weakness in the platform's API was used to harvest protected profile and activity information.
Rogue Meta employees and contractors abused an internal tool called "Oops," which is primarily intended for in-house account recovery for employees and business partners. There were some cases of account hijacking for money.
The GDPR fine was sparked by a round of media reports in early 2021 documenting how the personal data of over 530 million Facebook users was left open to data scraping for an extended period thanks to faults in certain tools.
Malicious apps appear to be flying below the radar of Google and Apple security by not taking an approach of installing malware or keyloggers; instead they simply ask for Facebook login information as a condition of starting up the app.
Meta stands accused of breaking Apple privacy rules, as a set of proposed class-action lawsuits describes it using its in-app browsers to track activity without user knowledge or consent.
Underage Instagram users were opting to ignore privacy settings and work around them by opening business accounts, leading to a GDPR fine of €405 Million by the Irish DPC.
Anonymous inside sources revealed that an attack campaign conducted in the middle of 2021 netted sensitive user data from Apple and Meta, with the hackers posing as legitimate law enforcement agencies.
Facebook’s new €17 million GDPR fine stems from a failure to demonstrate that adequate security measures were in place to prevent the data breaches in 2018.