Meta Fined $275 Million for Breaking E.U. Data Privacy Law

LONDON — In the latest penalty against Meta for violating European privacy rules, the tech giant was fined roughly $275 million on Monday for a data leak discovered last year that led to the personal information of more than 500 million Facebook users being published online.

The penalty, imposed by Ireland’s Data Protection Commission, brings the total fines to more than $900 million that the regulator has imposed on Meta since last year. In September, the same regulator fined the company roughly $400 million for its mistreatment of children’s data. Last October, Irish authorities fined Meta, which was previously called Facebook, 225 million euros, or about $235 million, for violations related to its messaging service WhatsApp.

The accumulating penalties will be a welcome sign to privacy groups that want to see European Union regulators more aggressively enforce the General Data Protection Regulation. The law was hailed as a landmark moment in the regulation of technology companies when it took effect in 2018, but regulators have since faced criticism for not applying the rules strongly enough.

Ireland has been under pressure because of the key role it plays in enforcing E.U. data protection rules. The country is tasked with policing tech companies’ compliance with the 2018 law as a result of companies such as Meta, Google and Twitter all locating their E.U. headquarters in Ireland. TikTok, which also set up a E.U. hub in Ireland, is the subject of another investigation there.

The fine issued on Monday stems from an investigation started last year by Irish regulators into reports that Facebook had not safeguarded its platform against being “scraped” for information, leading to the publication on an online hacker forum of data that included users’ names, locations and birth dates, in violation of rules that require companies to safeguard personal information.

Meta said in a statement that “unauthorized data scraping is unacceptable and against our rules.” The company said it had changed its policies to prevent such practices. Meta did not say whether it would appeal the decision, as it is for the Instagram and WhatsApp penalties.

Meta is not the only tech giant facing scrutiny. Last year, Amazon was fined nearly 750 million euros over its online advertising practices by regulators in Luxembourg, where it has its European headquarters. In January, Google was fined 90 million euros by French regulators for violations related to the data collection of YouTube users.