The GDPR fine was sparked by a round of media reports in early 2021 documenting how the personal data of over 530 million Facebook users was left open to data scraping for an extended period thanks to faults in certain tools.
Underage Instagram users were opting to ignore privacy settings and work around them by opening business accounts, leading to a GDPR fine of €405 Million by the Irish DPC.
Meta has issued statements indicating that a stoppage of EU-US data transfers would be "devastating" and could cause it to pull services from the region, even specifically naming Facebook and Instagram as products that could become inaccessible.
Up to 87 million Facebook accounts had user data inappropriately accessed during the Cambridge Analytica scandal, in which a weakness in the platform's API was used to harvest protected profile and activity information.
Rogue Meta employees and contractors abused an internal tool called "Oops," which is primarily intended for in-house account recovery for employees and business partners. There were some cases of account hijacking for money.
Anonymous inside sources revealed that an attack campaign conducted in the middle of 2021 netted sensitive user data from Apple and Meta, with the hackers posing as legitimate law enforcement agencies.
Irish DPC has handed down a €390 million fine to Meta over its targeted advertising practices on Facebook and Instagram. The fine stems from a long legal battle over Meta's claim that users enter into an implicit contract agreeing to receive personalized ads when they accept the terms of service.
Meta stands accused of breaking Apple privacy rules, as a set of proposed class-action lawsuits describes it using its in-app browsers to track activity without user knowledge or consent.
Malicious apps appear to be flying below the radar of Google and Apple security by not taking an approach of installing malware or keyloggers; instead they simply ask for Facebook login information as a condition of starting up the app.
Facebook’s new €17 million GDPR fine stems from a failure to demonstrate that adequate security measures were in place to prevent the data breaches in 2018.
