Meta Fined $275 Million for Breaking E.U. Data Privacy Law

LONDON — In the latest penalty against Meta for violating European privacy rules, the tech giant was fined roughly $275 million on Monday for a data leak, discovered last year, that led to the personal information of more than 500 million Facebook users being published online.

The penalty, imposed by Ireland’s Data Protection Commission, brings the fines that the regulator has imposed on Meta since last year to more than $900 million. In September, the same regulator fined the company roughly $400 million for its mistreatment of children’s data. In October last year, Irish authorities fined Meta, which was previously called Facebook, 225 million euros, or about $235 million, for violations related to its messaging service WhatsApp.

The accumulating penalties will be a welcome sign to privacy groups that want to see European Union regulators more aggressively enforce the General Data Protection Regulation. The law was hailed as a landmark moment in the regulation of technology companies when it took effect in 2018, but regulators have since faced criticism for not applying the rules strongly enough.

Ireland has been under pressure because of the key role it plays in enforcing E.U. data protection rules. The country polices tech companies’ compliance with the 2018 law because companies such as Meta, Google and Twitter put their E.U. headquarters in Ireland. TikTok, which also set up a E.U. hub in Ireland, is the subject of another investigation there.

The fine issued on Monday stems from an investigation started last year by Irish regulators into reports that Facebook had not safeguarded its platform against being “scraped” for information, leading to the publication on an online hacker forum of data that included users’ names, locations and birth dates, in violation of rules that require companies to safeguard personal information.

Meta said in a statement that “unauthorized data scraping is unacceptable and against our rules.” The company said it had changed its policies to prevent such practices. Meta did not say whether it would appeal the decision, as it has for the Instagram and WhatsApp penalties.

Meta is not the only tech giant facing scrutiny. Last year, Amazon was fined nearly €750 million over its online advertising practices by regulators in Luxembourg, where it has its European headquarters. In January, Google was fined €150 million by French regulators because users were not given an adequate way to decline so-called cookie trackers used by online advertisers to trace a person’s internet browsing history.