San Marino beats the Goliath of social networks, fines four million for Facebook: “It did not protect privacy”

The tiny Republic of San Marino has beaten the Goliath of social media by inflicting a four million euro fine that goes straight to Facebook’s core business, its users’ data and the security of their processing. A perhaps symbolic sanction has rained down on Meta Inc., Zuckerberg’s company, compared to the planetary firepower of its recipient, but this information from 12,700 San Marino citizens at the origin of the sentence is the spark that could set fire to the prairie of others 533 million users worldwide, whose data took flight following the hacker attack that breached the platform’s defenses between 2018 and 2019.

The proportional penalty
Umberto Rapetto, president of the Guarantor of privacy of San Marino, which has just over 33 thousand inhabitants, hypothesizes precisely this scenario in the aftermath of the decision of the court of appeal of the republic: «If the fine of 4 million euros imposed by San Marino , which certainly does not worry Facebook’s budget, is applied proportionally in the other states, the total amount of the fine for the total 533 million interested parties arithmetically reaches 166 billion euros.

The Irish precedent
In reality, someone had already moved on the same ground by applying even heavier fines, in relation to the number of people involved in a news leak that had led to the online dissemination of sensitive data, telephone numbers and the location of social users including: last November the Irish Data Protection Authority had fined the American group 265 million for failure to comply with European standards for the protection of individual data. Other fines followed, again for violation of EU rules on the processing of personal information.

The accusation
Now even the Republic of San Marino sees the dispute that had seen Meta appeal against the initial conviction decision resolved in its favour: the sentence establishes the inadmissibility of the appeal, confirming the logic of the accusation, whereby the US group “would have had to take appropriate security measures to prevent the collection of users’ personal data”. More: the judge of appeal Valeria Pierfelici decided to “agree with the Authority that the large amount of data acquired from third parties and the volume of traffic generated should have been immediately recognized as a dangerous anomaly and should have triggered mechanisms of prevention and defense acts to avoid the perpetration of any action potentially harmful to the confidentiality of the data of the people who join the virtual association”.

The defence
Meta’s comment: «We are disappointed by this decision and are examining it. We made changes to our systems back in 2019, such as removing the ability to “scrape” user data using phone numbers. Unauthorized data scraping is unacceptable and against our rules. We will continue to work with other companies in the sector on this common challenge».