Personal Data: New €91 Million Fine in the EU Against Meta

Meta, the parent company of Facebook, Instagram, and WhatsApp, was hit with a €91 million fine on Friday by the Irish regulator for violating the European regulation on personal data (GDPR).

Meta, the parent company of Facebook, Instagram, and WhatsApp, was fined by the Irish regulator for violating the GDPR by lacking transparency following a security breach affecting users' passwords.

In this new decision, the Irish Data Protection Commission (DPC), which acts on behalf of the European Union, reproached Meta for failing to implement appropriate security measures in advance and for taking too long to inform the regulator of the issue.

The DPC launched an investigation in April 2019 after being informed by Meta Ireland of the "inadvertent" storage of "some users' passwords" in plain text, meaning unencrypted, without these being "disclosed to external parties," the regulator said in a statement.

The security breach dates back to January 2019 and affected 36 million Facebook and Instagram users in the European Economic Area, Graham Doyle, the Irish regulator's head of communications, told AFP.

The DPC criticizes Meta for not informing them of the issue until March 2019.

"It is widely accepted that users' passwords should not be stored in plain text," emphasized Graham Doyle.

"Immediate Measures"

Meta acknowledged that some users' passwords were "temporarily stored in a readable format in our internal data systems," in a statement sent to AFP.

The company claims to have "taken immediate measures to correct this error," adding that there is "no evidence that these passwords were misused or inappropriately accessed."

The company asserts that it "proactively reported this issue" and "cooperated constructively throughout the investigation."

The group is regularly criticized in the EU for handling its users' personal data in ways that violate European GDPR regulations, which were introduced in 2018 to protect consumers from the dominance of tech giants.

Although there have been many fines, they seem to have little deterrent effect on the Menlo Park giant.

In September 2021, the group was fined €225 million for its lack of transparency in "the processing of information between WhatsApp and other Facebook companies."

In March 2022, it received a €17 million fine for failing to implement data protection measures.

Lack of Transparency

Again, six months later, in September 2022, it received a record €405 million fine for mishandling minors' data, followed by a €265 million fine in November 2022 for insufficiently protecting Facebook users' data.

In January 2023, it received two more fines totaling €390 million for violating "its transparency obligations" and for its handling of personal data "for targeted advertising purposes."

The most recent fine came just a few days later: €5.5 million for a lack of transparency concerning WhatsApp.

Meta's net profit surged by 73% year-on-year, reaching $13.5 billion in the second quarter, with a revenue of $39 billion (+22%), exceeding both its own expectations and market forecasts.

Enjoyed this article? Stay informed by joining our newsletter!

Comments

You must be logged in to post a comment.

About Author