TRENDING:

General Data Protection Regulation (GDPR) , Legislation & Litigation , Standards, Regulations & Compliance

Facebook Opposes Irish Data Watchdog's 265-Million-Euro Fine

High Court Says Facebook Can Pursue Litigation Against Data Protection Commission Akshaya Asokan (asokan_akshaya) • March 28, 2023    
Facebook Opposes Irish Data Watchdog's 265-Million-Euro Fine
Facebook's European headquarters building in Dublin's Grand Canal Dock in a photo taken in June 2019 (Image: Shutterstock)

Facebook is asking Ireland's High Court to quash a 265-million-euro fine levied by the country's data privacy watchdog in November after the phone numbers and other profile information of more than half a billion users appeared online.

See Also: OnDemand | Protect and Govern Sensitive Data

A High Court justice granted Facebook permission to pursue litigation over the fine from the Irish Data Protection Commission, reported The Irish Times on Monday. The company seeks a ruling that parts of the country's data protection statute are unconstitutional and says the commission lacked authority to impose a 265-million-euro fine - a "sanction so severe as to be criminal in nature," the newspaper reported.

A user of the now-shuttered BreachForums in April 2021 posted a data set of 533 million Facebook profiles, including mobile numbers, email addresses and names scraped from the site in 2018 and 2019. Facebook said the bad actors had exploited a technique it curtailed in 2019. The Irish Data Protection Commission determined that Facebook had run afoul the "data protection by design and default" requirement mandated by Europe's General Data Protection Regulation and Irish law.

Facebook is arguing that the requirement applies to its own actions and that it shouldn't be used to punish it for the abusive conduct of third parties.

"It just doesn't seem like a great argument," said Antoin O Lachtnain, director of Digital Rights Ireland, when reached by phone by Information Security Media Group. The Irish Data Protection Commission never determined whether the scraping caused injury, just that Facebook hadn't complied with a technical requirement of the GDPR, he said. European data protection laws allow fines up to 4% of a firm's global revenue, he added.

Facebook reported revenue of $23 billion in 2022 and $39 billion in 2021. For Facebook, a 265-million-euro fine "is just a number. It's not really a very big fine in context," he said.

Digital Rights Ireland earlier this year challenged the Irish Data Protection Commission in court by arguing that the commission should have found Facebook liable for the scraped information.

The civil society group and the commission settled in February, and the commission agreed to consider a complaint filed by Digital Rights Ireland seeking a finding of liability.

With reporting by ISMG's David Perera in Washington, D.C.

Previous
North Korean Threat Groups Steal Crypto to Pay for Hacking
Next
Health Plan, Mental Health Provider Hit by GoAnywhere Flaw

About the Author

Akshaya Asokan

Akshaya Asokan

Senior Correspondent, ISMG

Asokan is a U.K.-based senior correspondent for Information Security Media Group's global news desk. She previously worked with IDG and other publications, reporting on developments in technology, minority rights and education.



Around the Network

Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
Why Health Firms Struggle with Cybersecurity Frameworks
Why Health Firms Struggle with Cybersecurity Frameworks
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.asia, you agree to our use of cookies.