The fines relate to an incident when a "collated dataset of Facebook personal data was made available on the internet. This included the personal information associated with 533 million users of the social media platform, including their phone numbers, dates of birth, locations, email addresses, gender, marital status, account creation date, and other profile details.
Meta said that the information was "old data" that was obtained by malicious actors by taking advantage of a technique called "phone number enumeration" to scrape users' public profiles. This entailed misusing a tool called "Contact Importer" to upload a huge list of phone numbers to uncover matches.
This was behind Facebook's move to remove the ability to use phone numbers to retrieve information via scraping as of August 2019.
The Irish watchdog ordered Meta's Irish unit to make sure its processing complies with the EU data protection laws.
It is the fourt time that Ireland has slapped fines on Meta and its subsidiaries. In September 2021, the WhatsApp messaging service was fined €225 million for not being transparent about how users' personal information is gathered and shared with Meta.
Then earlier this March, the DPC followed it by issuing fines of €17 million for a number of security issues that led to 12 different data breach notifications between June 7 and December 4, 2018, and exposed the information of up to 30 million Facebook users.
Meta's Instagram was fined €405 million in September 2022 for violating the GDPRover mishandling children's data online by making public the phone numbers and email addresses of those operating business accounts.