Meta takes Ireland's data watchdog to court over fine for breach of 29 million Facebook accounts
It comes after Meta hit the headlines earlier this week after announcing a significant change to its content moderation policies in the US. File photo: AP/Tony Avelar
Meta has launched High Court proceedings against Ireland’s Data Protection Commission (DPC), after it was hit with hefty fines totalling €251m last month by the watchdog.
Papers were filed in the High Court on Wednesday understood to be against the decision from the DPC, which arose from a data breach in 2018 that exposed millions of users’ accounts. The breach happened when hackers gained access to user accounts by exploiting bugs in the platform’s code that allowed them to steal digital keys, known as access tokens.
Impacting around 29 million Facebook accounts globally, including three million in Europe, the personal data affected included the user’s full name, email, phone number, place of work, date of birth, religion, gender, posts, groups of which they were a member, and children’s personal data.
The breach was remedied by Meta Platforms Ireland Ltd and its US parent company shortly after it was discovered. Following the issuing of the fine, Meta said it took “immediate action” to address the issue and “proactively informed people impacted”.
Graham Doyle, DPC deputy commissioner, said:
“Facebook profiles can, and often do, contain information about matters such as religious or political beliefs, sexual life or orientation, and similar matters that a user may wish to disclose only in particular circumstances. By allowing unauthorised exposure of profile information, the vulnerabilities behind this breach caused a grave risk of misuse of these types of data.”
Two separate cases filed by Meta are listed for mention in the High Court on February 12. It has launched similar cases against the DPC in recent months.
In October, it filed papers in relation to a €91m fine dished out following an investigation which found multiple breaches of the General Data Protection Regulation (GDPR). That probe related to the improper storage of passwords of certain social media users on Meta’s internal systems.
Last month, the reported just a tiny fraction of the €3.26bn in fines levied by the DPC over the previous five years has been collected. The DPC said of all fines issued between 2020 and October 2024, only €19.9m of the total had been paid so far.
It said decisions to issue fines must be ratified by the Circuit Court but such applications can only be made if the right to appeal isn't exercised.
“In these circumstances, it is only in those cases where the data controller or processor has not sought to bring a legal challenge against the underlying decision that the DPC has been able to make the confirmation application and collect the fine,” it said.
It comes after Meta hit the headlines earlier this week after announcing a significant change to its content moderation policies in the US.
CEO Mark Zuckerberg said Facebook and Instagram will move away from using third-party fact-checkers to flag misleading content in favour of user-based notes similar to X, as critics said it would allow misinformation spread more easily online.
CONNECT WITH US TODAY
Be the first to know the latest news and updates
