The Irish Data Protection Commission (DPC) has fined Meta Ireland €91 million for GDPR breaches.
Social media giant, Meta, owns Facebook, Instagram and WhatsApp. More than 2,000 people work at the company’s international headquarters in Dublin.
The General Data Protection Regulation, commonly known as GDPR, is the EU’s privacy law. It stipulates how and when data can be used. The onus is on companies to look after people’s private data.
The Irish Data Protection Commission investigation found that Meta Platforms Ireland Limited (MPIL) was storing users’ passwords in plain text.
Deputy Commissioner at the DPC, Graham Doyle, said storing passwords without encryption presented clear “risks of abuse”.
Anyone who managed to access the stored passwords could potentially have had “access to users’ social media accounts.”
The DPC’s inquiry was launched in April 2019 after Meta itself notified the commission that it had “inadvertently stored certain passwords of social media users in ‘plaintext’ on its internal systems.”
Ireland’s counterpart data protection agencies across the EU were consulted before today’s fine was finalised.
The Irish Data Protection Commission said the fine “underscores the importance of robust data protection practices to ensure user confidentiality and security.”
“GDPR requires data controllers to implement appropriate security measures when processing personal data, taking into account factors such as the risks to service users and the nature of the data processing.”
Responding to the fine, a Meta spokesperson admitted that a security review by the company in 2019 had found a “subset of FB [Facebook] users’ passwords were temporarily logged in a readable format within our internal data systems.”
The spokesperson added that the Meta “took immediate action to fix this error, and there is no evidence that these passwords were abused or accessed improperly.
“We proactively flagged this issue to our lead regulator, the Irish Data Protection Commission, and have engaged constructively with them throughout this inquiry.”