Twelve weeks after imposing a record âŹ405 million fine on Metaâs Instagram unit, data regulator Helen Dixon has hit the parent company with another large sanction, this time for âŹ265 million. Total fines against the Facebook owner in 14 months now amount to âŹ910 million.
Ms Dixon was for years criticised for slow inquiries into Big Tech privacy violations, the argument being that the lack of penalties meant a lack of regulation and failure to hold companies to account. She always rejected that critique, although bitter disputes with European counterparts who wanted tougher action delayed the process.
Europeâs general data protection regulation (GDPR) and Irelandâs outsized role in it is still a work in progress.
But the rate at which Meta is racking up major fines justifies serious consideration about its attitude to the privacy of its many users. Penalties on a scale that would cripple many smaller companies might be merely a financial blip to a behemoth such as Meta, yet it is difficult to escape the conclusion that there has been a cavalier attitude to usersâ privacy within the company.
The latest fine comes after an inquiry into media reports that a âcollatedâ set of Facebook personal data was made available on the Internet, an appalling prospect. The Instagram breaches affected potentially millions of teenagers using the platform after mobile phone numbers and email addresses were published automatically under a default settings on the appâs âbusiness accountâ service; the company has since changed the settings.
Meta appeals in the courts will put Ms Dixonâs decision-making to the test. But a fourth privacy violation in a series of highly unflattering rulings endorsed by data regulators throughout the EU and beyond speaks volumes. Not a good day for Meta â and reason, yet again, for its users to pause for thought when they entrust their personal data to the company.
