Up to 87 million Facebook accounts had user data inappropriately accessed during the Cambridge Analytica scandal, in which a weakness in the platform's API was used to harvest protected profile and activity information.
Meta is taking aim at private surveillance companies that it says act as "cyber mercenaries" for hire. The Facebook parent company has banned seven of these companies from the platform, citing the targeting of users in over 100 countries.
Meta is framing the lawsuit as an opening volley in a war against data scraping and invasive surveillance by law enforcement partners. The surveillance company has clearly gone farther than is usual given the creation of some 38,000 fake accounts.
The GDPR fine was sparked by a round of media reports in early 2021 documenting how the personal data of over 530 million Facebook users was left open to data scraping for an extended period thanks to faults in certain tools.
Underage Instagram users were opting to ignore privacy settings and work around them by opening business accounts, leading to a GDPR fine of €405 Million by the Irish DPC.
Malicious apps appear to be flying below the radar of Google and Apple security by not taking an approach of installing malware or keyloggers; instead they simply ask for Facebook login information as a condition of starting up the app.
Irish DPC has handed down a €390 million fine to Meta over its targeted advertising practices on Facebook and Instagram. The fine stems from a long legal battle over Meta's claim that users enter into an implicit contract agreeing to receive personalized ads when they accept the terms of service.
Meta has issued statements indicating that a stoppage of EU-US data transfers would be "devastating" and could cause it to pull services from the region, even specifically naming Facebook and Instagram as products that could become inaccessible.
Meta stands accused of breaking Apple privacy rules, as a set of proposed class-action lawsuits describes it using its in-app browsers to track activity without user knowledge or consent.
Facebook’s new €17 million GDPR fine stems from a failure to demonstrate that adequate security measures were in place to prevent the data breaches in 2018.
