Facebook’s owner (aka: Mark Zuckerberg) has been fined €265m by the Irish data watchdog after a breach that resulted in the details of more than 500 million users being published online.
The Data Protection Commission (DPC) said Meta had infringed the EU’s data protection laws after details of Facebook users from around the world were scraped from public profiles in 2018 and 2019.
The data appeared on a hacking website last year, prompting an investigation by the DPC, which is responsible for regulating Meta across the EU. The watchdog said a “significant” number of the users were from the EU.
In addition to the fine, it “imposed a reprimand and an order” requiring Meta to “bring its processing into compliance by taking a range of specified remedial actions within a particular timeframe”.
In a statement Meta said: “We made changes to our systems during the time in question, including removing the ability to scrape our features in this way using phone numbers. Unauthorised data scraping is unacceptable and against our rules.”
The punishment brings the total amount of fines imposed on Meta by the DPC to nearly €1bn since September last year. In September Meta was fined €405m for letting teenagers set up Instagram accounts that publicly displayed their phone numbers and email addresses, while in March the watchdog fined Meta €17m for further GDPR breaches and in September last year it fined Meta’s WhatsApp €225m over “severe” and “serious” infringements of GDPR.
However, one legal expert questioned whether strong enforcement of the EU’s General Data Protection Regulation would have the deterrent effect that it intended.
“By any measure, these are significant fines,” said David Hackett, head of data protection in the Ireland office of law firm Addleshaw Goddard. “GDPR envisaged the imposition of such fines in part to serve as a deterrent to other companies which might consider breaching the law. We are likely to see increased debate about whether such fines actually influence corporate behaviour or if some companies simply see them as an added cost of doing business.”
The DPC regulates Apple, Google, TikTok and other technology platforms owing to the location of their EU headquarters in Ireland. It currently has 40 inquiries open into such companies, including 13 involving Meta.

Fidelity isn’t the first company to give 401(k) participants access to cryptocurrency assets. Another industry provider, ForUsAll Inc., has linked workers with cryptocurrency exchanges through brokerage windows for several years. Fidelity takes a different approach with its Digital Asset Accounts product, which doesn’t rely on outside exchanges or brokerage windows.

DOL provides a clear and definite warning to plan fiduciaries:

The plan fiduciaries responsible for overseeing such investment options or allowing such investments through brokerage windows should expect to be questioned about how they can square their actions with their duties of prudence and loyalty in light of the risks described above.

While the focus of this guidance is on 401(k) plans, the DOL’s warnings also extend to plans and plan fiduciaries responsible for allowing cryptocurrency investments through self-directed brokerage windows.

Update: A Partisan Divide

The Department of Labor's cryptocurrency guidance has provoked contrasting responses on Capital [sic] Hill.

On May 5, Sen. Tommy Tuberville, R-Ala. introduced legislation that would prohibit the DOL from limiting the kinds of products workplace retirement savers can invest in through self-directed brokerage accounts.
A day earlier, Sen. Elizabeth Warren, D-Mass., criticized Fidelity Investments for its decision to launch a new 401(k) cryptocurrency product, in a May 4 letter to Fidelity CEO Abigail Johnson.

Because Big Tech has bought out DC. Same as oil, defense and corn.