
Meta’s Irish Division Penalized $264 Million for Data Breach

Meta Fined $264 Million Over 2018 Data Breach Impacting 29 Million Users

Meta Platforms’ Irish division has been fined €251 million ($264 million or approximately Rs. 2,242 crore) by Ireland’s Data Protection Commission (DPC) following two investigations into a 2018 data breach. The breach reportedly exposed the personal data of 29 million Facebook users globally, including full names, email addresses, phone numbers, timeline posts, and group memberships.

Breach Details and Global Impact

The breach was first reported by Meta Platforms Ireland Limited in September 2018. According to the DPC’s findings, the data of around three million users in the European Union and European Economic Area was compromised. The breach occurred due to unauthorized third-party exploitation of user tokens on Facebook. Meta and its US parent company addressed the issue shortly after it was discovered.

GDPR Violations and Findings

The DPC concluded that Meta violated General Data Protection Regulation (GDPR) rules by failing to adequately document details of the breach and the corrective measures taken. Additionally, Meta was found to have breached GDPR’s requirement to ensure that only data necessary for specific purposes is processed by default.

Meta’s Response and Prior Fines

In a statement, a Meta spokesperson highlighted that the company had taken immediate action to address the breach, notified affected users, and implemented measures to prevent future incidents. Earlier this year, the Irish watchdog fined Meta €91 million ($95.6 million or approximately Rs. 812 crore) over an investigation related to password storage practices.

EU Privacy Regulator Fines Meta 251 Million Euros for 2018 Data Breach

Meta has been fined 251 million euros ($263.5 million) by the Data Protection Commission (DPC), the lead European Union data privacy regulator, for a 2018 security breach that exposed the personal data of 29 million users on Facebook.

Details of the Breach

The breach occurred after cyber attackers exploited a vulnerability in Facebook’s “View As” feature, which allowed users to see how their profile appeared to others. This vulnerability led to the exposure of sensitive personal data, including users’ full names, contact details, location, place of work, date of birth, religion, gender, and in some cases, children’s personal information.

According to Graham Doyle, Deputy Commissioner at the DPC, the breach posed a significant risk for the misuse of this data. Although the breach affected 29 million accounts globally, 3 million of those were in the EU and the European Economic Area (EEA).

Meta’s Response and Penalty

Meta addressed the issue shortly after the breach was discovered and took action to remedy the vulnerability. Despite this, the DPC imposed a fine under the EU’s General Data Protection Regulation (GDPR), which has led to significant penalties for Meta in recent years. To date, Meta has been fined almost 3 billion euros for breaches under GDPR, including a record 1.2 billion euro fine in 2023 related to data privacy violations, which Meta is currently appealing.

Meta’s Appeal

Meta has announced its intention to appeal the fine and reiterated its commitment to protecting users’ privacy. A company spokesperson stated, “We took immediate action to fix the problem as soon as it was identified, and we proactively informed people impacted as well as the Irish Data Protection Commission.”

Broader Context

The DPC oversees the majority of large U.S. internet companies operating in the EU, as these firms have their European operations based in Ireland. This fine marks another chapter in the EU’s ongoing efforts to enforce data protection regulations under the GDPR, which was introduced in 2018 to strengthen privacy rights across the region.

Italy Concludes Probe into Meta Executives for Alleged €887.6 Million VAT Evasion

Italian prosecutors have concluded their investigation into alleged tax evasion by Meta (META.O), the parent company of Facebook, involving two executives from its Irish subsidiary, Meta Platforms Ireland Ltd. The probe centers on a claimed €887.6 million ($937.93 million) in VAT evasion. This marks a significant step in the process, although no trial requests have been made yet, as the suspects are still allowed to prove their innocence.


Implications for the Industry

The case could have broader consequences for the tech industry, as it involves how Meta provides access to its platforms like Facebook and Instagram. While the €887.6 million might seem modest compared to Meta’s $32 billion in annual revenue, the issue revolves around the way user data is exchanged for free access to these services, which could set a precedent for how other tech companies are taxed.


Tax Dispute with Italy’s Revenue Agency

The core of the investigation is tied to ongoing negotiations between Meta and Italy’s Revenue Agency. Last year, Italian tax authorities argued that Meta’s user registrations should be considered taxable transactions, as they involve the non-monetary exchange of personal data for access to social media services. The authorities claim that between 2015 and 2021, Meta failed to declare nearly €4 billion in taxable income, leading to VAT evasion of more than €887 million.


Next Steps and Meta’s Response

Meta has 60 days to respond to the Revenue Agency’s observations, after which the company can either settle by paying the proposed amount or initiate a legal challenge. Meta disagrees with the tax authority’s stance, arguing that providing users with access to its platforms should not be subject to VAT. In response to the dispute’s complexity, Italy’s Ministry of Finance has sought a technical opinion from the European Commission’s VAT Committee, though no response has been received yet.