For a 2019 hack that revealed hundreds of millions of Facebook credentials, Meta was fined $101.5 million

Meta has faced yet another privacy fine in Europe. On Friday, Ireland’s Data Protection Commission (DPC) issued a €91 million penalty (approximately $101.5 million) following a lengthy investigation into a 2019 security breach involving Facebook, Meta’s parent company.

The DPC began its investigation in April 2019 under the General Data Protection Regulation (GDPR) after Meta, then known as Facebook, reported that millions of users' passwords had been stored in plain text on its servers. The breach became a legal issue because the GDPR mandates that personal data must be securely protected.


After its investigation, the DPC found that Meta had failed to meet GDPR standards by not encrypting the passwords, which created the risk that third parties could access sensitive user information. Additionally, Meta was found to have violated GDPR by failing to notify authorities within the required 72-hour timeframe and by not properly documenting the breach.

In a statement, deputy commissioner Graham Doyle emphasized that passwords should never be stored in plain text due to the high risk of misuse. He pointed out that these particular passwords could have granted access to users’ social media accounts, making them especially sensitive.

Meta responded to the ruling by downplaying the incident, stating through spokesperson Matthew Pollard that it had acted swiftly to address the issue, describing it as an error in password management. Meta claimed there was no evidence of the passwords being misused or improperly accessed and highlighted that it had voluntarily reported the issue to the Irish DPC and cooperated fully with the investigation.

This penalty adds to Meta's growing list of GDPR fines, underscoring the company's ongoing challenges with privacy compliance. While the €91 million fine is larger than the €17 million fine issued by the DPC in March 2022 for a separate breach, it still represents only a small portion of Meta's revenue. GDPR allows fines of up to 4% of a company’s global annual turnover, meaning Meta could have faced a far larger penalty given its 2023 revenue of $134.90 billion.
