Not this one specifically, that one is due to not telling people their profiles would be public if they switched to creator mode or w/e it is

1. it isn't illegal, altho depends on jurisdiction and data, but gl finding who is scraping your site.

2. It's not a "feature", someone is literally scraping data from public profiles. It's not permissible by any of their products lol. They DO shit about this already - https://techcrunch.com/2022/10/03/meta-settles-lawsuit-for-significant-sum-against-businesses-scraping-facebook-and-instagram-data/

its combined and aggregated somewhere and then bad actors will try to break into your accounts using that information.

Your email from one site, password from another, geoIP, profile picture, etc.

Best practice is use a password manager w a diff pass on each site, use 2fac where you can

data scraping is a joke too, they're fining meta because someone else scraped them. That's like fining a hotel because someone stole your car from their parking lot.

Honestly all of those are pretty weak cases, the EU needs to start focusing more on on-platform misuse than 3rd party issues.

This particular case is about a third party that scraped data from Facebook, which is incredibly hard to combat since it does not involve any integration with FB.

If they objective is to just make every single profile private then they should just state that already.

Idk what reality this is in but executives/managers get fired all the time by THEIR managers. Any company with over 100 people has performance reviews