Twelve weeks after imposing a record €405 million fine on Meta’s Instagram unit, data regulator Helen Dixon has hit the parent company with another large sanction, this time for €265 million. Total fines against the Facebook owner in 14 months now amount to €910 million.
Ms Dixon was for years criticised for slow inquiries into Big Tech privacy violations, the argument being that the lack of penalties meant a lack of regulation and failure to hold companies to account. She always rejected that critique, although bitter disputes with European counterparts who wanted tougher action delayed the process.
Europe’s general data protection regulation (GDPR) and Ireland’s outsized role in it is still a work in progress.
But the rate at which Meta is racking up major fines justifies serious consideration about its attitude to the privacy of its many users. Penalties on a scale that would cripple many smaller companies might be merely a financial blip to a behemoth such as Meta, yet it is difficult to escape the conclusion that there has been a cavalier attitude to users’ privacy within the company.
The latest fine comes after an inquiry into media reports that a “collated” set of Facebook personal data was made available on the Internet, an appalling prospect. The Instagram breaches affected potentially millions of teenagers using the platform after mobile phone numbers and email addresses were published automatically under a default settings on the app’s “business account” service; the company has since changed the settings.
Meta appeals in the courts will put Ms Dixon’s decision-making to the test. But a fourth privacy violation in a series of highly unflattering rulings endorsed by data regulators throughout the EU and beyond speaks volumes. Not a good day for Meta – and reason, yet again, for its users to pause for thought when they entrust their personal data to the company.