Irish Supervisory Authority Announces Decision in Facebook “Data Scraping” Inquiry

The Irish Supervisory Authority (“SA”) commenced this inquiry on 14 April 2021, on the foot of media reports into the discovery of a collated dataset of Facebook personal data that had been made available on the internet.

The scope of inquiry concerned an examination and assessment of the Facebook Search, Facebook Messenger Contact Importer, and Instagram Contact Importer tools in relation to the processing carried out by Meta Platforms  during the period between 25 May 2018 and September 2019. The material issues in this inquiry concern questions of compliance with the GDPR obligation for Data Protection by Design and Default. The DPC examined the implementation of technical and organisational measures pursuant to Article 25 of GDPR (which deals with this concept).

 The decision, which was adopted on Friday, 25 November 2022, records findings of infringement of Articles 25(1) and 25(2) GDPR. The decision imposed a reprimand and an order requiring Meta Platforms to bring its processing into compliance by taking a range of specified remedial actions within a particular timeframe. In addition, the decision has imposed administrative fines totalling €265 million on Meta Platforms.

You can reach the full text of the decision here.

Kind regards,

Zumbul Attorneys at Law

info@zumbul.av.tr