Meta might have to interrupt open its authorized piggybank as soon as once more to place to relaxation but one other knowledge privateness high-quality in Europe.

On Monday, Irish regulators imposed a €265 million ($277 million) high-quality on Meta for an alleged privateness violation impacting greater than 500 million customers on the large blue Facebook app. The high-quality, which entails third-party knowledge scraping beforehand occurring on the platform, marks the third high-quality from the group in lower than two years.

The most up-to-date penalty stems from an April 2021 knowledge breach the place a hacker reportedly printed a trove of scraped private knowledge from customers on an internet discussion board which included cellphone numbers, Facebook ID’s and birthdays. That leaked trove, according to Politico, reportedly included private knowledge from EU Justice Commissioner Didier Reynders, Luxembourg Prime Minister, and different EU officers. At the time, Meta spokespeople (then simply referred to as Facebook) tried to play off the breach, claiming they had been made conscious of the difficulty again in 2019 and that data in query consisted largely of, “old data.”

Those obfuscations didn’t sit nicely with regulators at Ireland’s Data Protection Commission. In a blog post, the regulator says Meta didn’t adjust to the General Data Protection Regulation’s obligation to supply privateness by default and design. Aside from the high-quality, the regulators additionally issued a corrective measure supposed to convey Meta’s processing into compliance, “by taking a range of specified remedial actions.” It’s unclear precisely what these actions entail. The penalties conclude a greater than 18 month probe investigating the corporate’s knowledge safety practices.

Ireland, which remained within the EU after Britain formally left in 2020, performs a vital position in GDPR enforcement efforts because it’s the epicenter for a number of tech headquarters within the continent. Meta, Google, and Twitter all have headquarters in Ireland, which implies Ireland’s Data Protection Commission is accountable for imposing their GDPR compliance.

In an e mail to Gizmodo, a Meta spokesperson didn’t refute the regulators’ particular prices and mentioned it had “cooperated fully” with the investigation.

“We made changes to our systems during the time in question, including removing the ability to scrape our features in this way using phone numbers,” the spokesperson mentioned. “Unauthorized data scraping is unacceptable and against our rules and we will continue working with our peers on this industry challenge.”

The spokesperson wouldn’t say whether or not Meta would enchantment the high-quality, saying solely that it was, “reviewing this decision carefully.”

The new fines come simply two months after Irish regulators hit Meta with a separate $403 million high-quality (the second largest issued below GDPR guidelines) for allegedly failing to correctly shield youngsters’s privateness on Instagram. Not lengthy earlier than that, Irish regulators fined the corporate round $266 million over alleged WhatsApp privateness breaches and transparency points. Meta referred to as these fines—which initially hovered round $52 million—”totally disproportionate.”

Whether or not Meta will really find yourself paying any of those penalties, at the least of their present kinds, stays unclear. Large tech firms like Meta frequently discover themselves on the receiving finish of quite a few lawsuits and fines from regulators throughout the globe, some extra severe than others. Only a fraction of these ever find yourself in payouts or settlements. Still, Irish regulators have proven a robust willingness to comply with GDPR guidelines to the letter of the legislation, a bent more likely to please pissed off privateness advocates who’ve criticized European international locations for failing to correctly use the information protections legal guidelines at their disposal.