Irish Supervisory Authority announces decision in Facebook “Data Scraping” inquiry

Dec 1, 2022

Source: European Data Protection Board

Background information

Date of final decision: 25 November 2022
Cross-border, subject to the cooperation and consistency mechanism outlined in Article 60 GDPR.
LSA: Irish Supervisory Authority (SA).
and CSAs:  all other European SAs.    
Controller: Meta Platforms Ireland Limited (formerly Facebook Ireland Limited) (‘Meta Platforms’).
Legal Reference: GDPR obligation for Data Protection by Design and Default (Article 25 GDPR).
Decision: infringement of Articles 25(1) and 25(2) GDPR, order to bring processing into compliance, and administrative fines totalling €265 million.
Key words: Data Protection by Design and Default, cross-border, Article 25.


Summary of the Decision


Origin of the case

The Irish Supervisory Authority, SA commenced this inquiry on 14 April 2021, on foot of media reports into the discovery of a collated dataset of Facebook personal data that had been made available on the internet.


Key Findings                                   

The scope of inquiry concerned an examination and assessment of the Facebook Search, Facebook Messenger Contact Importer and Instagram Contact Importer tools in relation to processing carried out by Meta Platforms  during the period between 25 May 2018 and September 2019. The material issues in this inquiry concerned questions of compliance with the GDPR obligation for Data Protection by Design and Default. The DPC examined the implementation of technical and organisational measures pursuant to Article 25 GDPR (which deals with this concept).



The decision, which was adopted on Friday, 25 November 2022, records findings of infringement of Articles 25(1) and 25(2) GDPR. The decision imposed a reprimand and an order requiring Meta Platforms to bring its processing into compliance by taking a range of specified remedial actions within a particular timeframe. In addition, the decision has imposed administrative fines totalling €265 million on Meta Platforms.


For further information: Data Protection Commission announces decision in Facebook “Data Scraping” inquiry

Recent news

Europe Day 2024

Europe Day commemorates the signing of the Schuman Declaration, to celebrate peace and solidarity in Europe. Every year, the EDPB takes part in Europe Day, with an interactive stand manned by volunteers from the EDPB Secretariat and national DPAs, to raise awareness...

read more