Ireland's Data Protection Commission said Meta infringed sections of the EU's GDPR rules.
Irish regulators slapped Facebook parent Meta with a €265 million fine on Monday, the company's latest punishment for breaching strict European Union data privacy rules.
The Data Protection Commission said Meta Platforms Inc infringed sections of the EU rules, known as the General Data Protection Regulation, that require technical and organisational measures aimed at protecting user data.
The watchdog opened an investigation last year into news reports that data on more than 533 million users was found dumped online.
The data was found on a website for hackers and included names, Facebook IDs, phone numbers, locations, birthdates, and email addresses of people from more than 100 countries, according to the reports.
Meta said the data had been "scraped" from Facebook using tools designed to help people find their friends through phone numbers using search and contact import features. The watchdog said it investigated scraping between May 2018 and September 2019.
The company said it had "cooperated fully" with the Irish watchdog.
“We made changes to our systems during the time in question, including removing the ability to scrape our features in this way using phone numbers," Meta said in a statement.
"Unauthorised data scraping is unacceptable and against our rules".
Along with the fine, the commission said it also imposed on Meta a "range of corrective measures," which weren't specified.
It's the latest in a series of punishments that the Irish watchdog has levied against Meta over the past two years.
Based in Menlo Park, California, the company has its European headquarters in Dublin, which makes the Irish authority its lead privacy regulator under the EU's General Data Protection Regulation, in a system known as a “one-stop shop.”
The Irish watchdog fined Meta-owned Instagram €405 million in September after it found that the platform mishandled teenagers’ personal information. Meta was fined €17 million fines in March for its handling of a dozen data breach notifications.
Last year, the watchdog fined Meta's chat service WhatsApp €225 million for violating rules on sharing people's data with other Meta companies.