Facebook’s parent company Meta is in trouble yet again over its failure to safeguard the personal data of its users. In November 2022, regulatory authorities in Ireland enforcing the EU’s General Data Protection Regulation (GDPR) fined the company approximately $275 million in connection with a data breach that occurred in 2021. In this breach, hackers were able to extract the personal information of over 500 million users of Meta social media apps.
This isn’t the first time Meta has been financially penalized by Irish authorities in the EU. In September, the organization was fined $400 million for “mistreatment of children’s data.” Less than a year before, investigators found multiple data privacy and security issues with Meta’s WhatsApp messaging service and fined the company $235 million.
Deactivating Facebook is the only surefire way to keep your information safe, but if you must keep your profile, we have some tips to keep your information safe.
What Data Was Stolen and What Happened to It?
The data stolen in the 2021 breach included Meta social media app users’ names, physical locations, and birth dates. The information was later found to be offered for sale on an online hacking forum, a marketplace for cybercriminals.
This type of personal information can provide bad actors with a good start on committing identity theft or synthetic identity fraud. It can also be used in impersonation scams and to facilitate other cybercrimes.
About the GDPR
Enacted in 2018, the GDPR is designed to protect the online privacy of EU residents. The GDPR is more restrictive than online privacy regulations in the U.S. and many other nations. This EU legislation provides for the issuance of hefty fines like those levied against Meta when privacy requirements are not met.
The reason why the Meta fines were issued by authorities in Ireland is because that is where the company’s European headquarters is located. The EU operations of other big tech companies including Twitter and Google are also based in Ireland.
How This Impacts Meta and Its Empire
As you can imagine, all of these issues have significantly – and negatively – impacted Meta’s social media empire. The company’s U.S. stock prices have dropped significantly during the second half of 2022. This most recent EU fine was issued only a few weeks after Meta laid off more than 11,000 employees worldwide. CEO Mark Zuckerberg said Meta is going through “one of the worst downturns” in the company’s history.
In a letter addressing the layoffs and financial downturn, Zuckerberg stated, “I want to take accountability for these decisions and for how we got here. I know this is tough for everyone, and I’m especially sorry to those impacted.” This isn’t the first time the CEO has promised to be accountable for what goes on in his company.
Meta’s User Privacy Issues
Ongoing and multiple data privacy issues involving Facebook and its parent company Meta over the years have not been limited to the EU. Here are just two examples:
In 2013, in what came to be known internationally as the Cambridge Analytica Scandal, an online quiz app was used to collect personal information and build psychological profiles on 87 million Facebook users. The profiles were used by political operatives to try and influence the outcomes of elections in both the U.S. and U.K. Facebook eventually agreed to pay fines totaling a staggering $5 billion.
Early in 2022, when several nations were considering the implementation of new and more stringent data privacy regulations, a leaked internal document drafted by Facebook engineers indicated that the company would be unable to comply with certain provisions of that legislation should it become law. The engineers admitted that they lacked, “an adequate level of control and explainability over how our systems use data.” They went on to admit that, “we can’t confidently make controlled policy changes or external commitments such as “we will not use X data for Y purpose.”
Similar to his promise to take accountability issued in the wake of Meta’s recent financial downturn was the vow Zuckerberg made in 2018, five years after the Cambridge Analytica scandal came to light. Back then, Zuckerberg stated, “We have a responsibility to protect your data and if we can’t we don’t deserve to serve you. I’ve been working to understand exactly what happened and how to make sure this doesn’t happen again.”
Given the admissions made in the internal Facebook document leaked in 2022, company engineers still lacked understanding of how the personal user data collected by their systems are utilized and how to control that utilization four years after Zuckerberg’s pledge.
You can read more about these issues in our previous blog article. The article also includes instructions for deactivating Facebook if you wish to do so.
If You’re a Die-Hard Meta/Facebook Social Media App User
If you simply can’t stop using Meta social media apps like Facebook and WhatsApp, there are some things you can do to better protect your sensitive information. You are still, however, placing your trust in Meta to safeguard the personal data that you must provide to use these apps as well as the information you include in your posts.
Review the privacy policies and security settings for the social media apps you use. Take advantage of the security settings that make it more difficult for the site to collect, share, and use your personal information.
Refrain from participating in online quizzes. Remember what happened to 87 million people during the Cambridge Analytica scandal who thought they were just taking a fun, seemingly harmless quiz.
Be careful about what you share and who you share it with on any social media app. Sharing information that might include answers to account security questions like the name of your first pet or the street you grew up on could allow bad actors to hack into your accounts.
Avoid posting your birthday or those of your friends or family members. Identity thieves love to get that kind of personal data. Don’t share your home address or your vacation plans, either. You may be providing the information to a burglar or even a pedophile who might use it to make contact with your children.
Sometimes it’s okay to lie. Give false personal information whenever you can get away with it. For example, avoid providing your real date of birth when creating your social media profile. There’s no harm in doing this. If your social media site gets hacked as Meta did, the attacker will not get your real DOB. A false DOB makes it more difficult for identity thieves to do things like opening financial accounts in your name. You may even want to use a fake name when possible. When you do these things, just be sure you keep a record of your untruths just in case you have trouble accessing the accounts later.
Be sure to use different passwords for each of your online accounts. This is good advice whether you’re a social media user or not. If you use the same credentials on multiple accounts, all of those accounts are at risk if that password is stolen in a data breach. Many times you don’t find out about a breach until months or even years later, if at all. Your accounts could be at risk for that entire time frame. If, like most of us, you have a lot of online accounts, consider using a password manager to create and securely store unique passwords for each one. That way, you will not need to remember them or write them down (also a very bad idea).
You can learn more about managing your online privacy and protecting your data and devices here.
