Meta Fined €91 Million for GDPR Violations Over Password Security

Irish Data Protection Commission (DPC) has fined Meta, the parent company of Facebook, €91 million ($102 million) for violating Europe’s stringent General Data Protection Regulation (GDPR) rules. The company failed to adequately protect users’ social media passwords, storing them in plain text—a significant security oversight, which led to this penalty. The fine follows a five-year investigation launched in 2019, scrutinizing Meta’s privacy practices and whether the company fulfilled its obligations to safeguard user data.

Meta Fined €91 Million for GDPR Violations Over Password Security

The Investigation and Findings

The Irish Data Protection Commission, responsible for ensuring Meta complies with GDPR across Europe, initiated an investigation after discovering that Meta had been improperly storing users’ passwords. Storing passwords in plain text means that the company did not encrypt them, leaving them vulnerable to unauthorized access. This clearly violates best practices in data security, as companies should encrypt sensitive information like passwords to prevent exploitation.

Deputy Commissioner Graham Doyle emphasized the importance of proper password protection in a statement: “It is widely accepted that user passwords should not be stored in plaintext, considering the risks of abuse that arise from persons accessing such data.” He further noted that social media passwords, in particular, grant access to personal and sensitive user information, making their protection even more critical.

GDPR and Meta’s Obligations

The GDPR, implemented in 2018, sets high standards for data protection and privacy for individuals within the European Union. Moreover, it requires companies like Meta to proactively ensure the privacy and security of user data and to promptly report any issues to regulators. Under GDPR, companies must be transparent about potential privacy breaches and demonstrate that they are taking steps to prevent such incidents.

In line with GDPR’s rules, Meta reported the password storage issue in 2019. The company conducted an internal security review and found that some Facebook users’ passwords temporarily stored in a readable, unencrypted format within Meta’s internal systems.

Meta’s Response to the Fine

Following the investigation and the subsequent fine, a Meta spokesperson explained that the company had taken swift action to address the issue. “As part of a security review in 2019, we found that a subset of Facebook users’ passwords were temporarily logged in a readable format within our internal data systems,” the spokesperson said. “We took immediate action to fix this error, and there is no evidence that these passwords were abused or accessed improperly.”

While Meta acknowledged the error, the company assured regulators and users that it had implemented measures to prevent similar incidents in the future. Despite these assurances, this is not the first time Meta has faced penalties for violating privacy regulations. The company has been at the centre of various data privacy controversies in the past, which has raised concerns about its ability to safeguard user data consistently.

Ensuring Future Compliance

Meta claims it has reinforced its internal security processes as part of its commitment to improve data protection, ensuring it securely stores passwords and other sensitive data going forward. This also includes adopting encryption methods to prevent unauthorized access to user accounts.

Though the fine represents a significant financial penalty, the case highlights the growing importance of robust data protection standards in the digital age. It also underscores the need for companies like Meta to remain vigilant in safeguarding user privacy, especially as regulatory bodies continue to hold them accountable under laws like GDPR.

See Also: Meta AI Introduces Powerful Photo Editing & Image Recognition Features

PTA Taxes Portal

Find PTA Taxes on All Phones on a Single Page using the PhoneWorld PTA Taxes Portal

Explore NowFollow us on Google News!

Onsa Mustafa

Onsa is a Software Engineer and a tech blogger who focuses on providing the latest information regarding the innovations happening in the IT world. She likes reading, photography, travelling and exploring nature.

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button
>