The penalty relates to an inquiry which was opened by the DPC on April 14, 2021, following media reports of more than 530M Facebook users’ personal data — including email addresses and mobile phone numbers — being exposed online.
At the time, Facebook tried to play down the breach — claiming the data that had been found floating around online was “old data” and that it had fixed the issue that led to the personal data being exposed.
Google will pay $391.5m (£330m) to settle allegations about how it collects data from users.
“Consumers thought they had turned off their location-tracking features on Google – but the company continued to secretly record their movements and use that information for advertisers.”
The attorneys general said Google had been misleading consumers about location tracking since at least 2014, breaking state consumer-protection laws.
“We’ve built systems with open borders. The result of these open systems and open culture is well described with an analogy: Imagine you hold a bottle of ink in your hand. This bottle of ink is a mixture of all kinds of user data (3PD, 1PD, SCD, Europe, etc.) You pour that ink into a lake of water (our open data systems; our open culture) … and it flows … everywhere,” the document read. “How do you put that ink back in the bottle? How do you organize it again, such that it only flows to the allowed places in the lake?”