The European Union’s leading privacy watchdog has imposed a €91 million ($101.5 million) fine on Meta (META.O) for inadvertently storing some users’ passwords in an unencrypted format. According to a Reuters report, the fine was levied by Ireland’s Data Protection Commission (DPC), marking the latest in a series of penalties against the social media giant under the EU’s stringent privacy laws.
The investigation was launched five years ago after Meta disclosed to the DPC that it had mistakenly stored user passwords in “plaintext,” a highly vulnerable format that leaves data exposed to potential misuse. While Meta publicly admitted to the error at the time, the DPC confirmed that the exposed passwords were not accessible to any external parties.
“It is widely accepted that user passwords should not be stored in plaintext, considering the risks of abuse that arise from persons accessing such data,” Deputy Commissioner Graham Doyle of the Irish DPC said in a statement, per a Reuters report.
Meta responded by stressing that the company took swift action to rectify the issue when it was identified during a 2019 security review. A spokesperson for the company assured that no evidence suggests the passwords were improperly accessed or misused, adding that Meta has cooperated fully with the DPC throughout the investigation.
Related: Meta Holds Off on EU AI Pact, Focuses on Meeting AI Act Rules
The Irish DPC oversees most of the top U.S. tech firms in Europe, given that many have based their EU operations in Ireland. This latest fine brings the total amount Meta has been penalized by the DPC to €2.5 billion for breaches under the EU’s General Data Protection Regulation (GDPR). The regulation, introduced in 2018, has led to significant fines for privacy violations.
Among Meta’s penalties, a record €1.2 billion fine imposed in May 2023 remains under appeal. This most recent fine further underscores the EU’s ongoing efforts to hold tech giants accountable for data protection practices.
Source: Reuters
Featured News
CVS Health Explores Potential Breakup Amid Investor Pressure: Report
Oct 3, 2024 by
CPI
DirecTV Acquires Dish TV, Creating 20 Million-Subscriber Powerhouse
Oct 3, 2024 by
CPI
South Korea Fines Kakao Mobility $54.8 Million for Anti-Competitive Practices
Oct 3, 2024 by
CPI
Google Offers Settlement in India’s Antitrust Case Regarding Smart TVs
Oct 3, 2024 by
CPI
Attorney Challenges NCAA’s $2.78 Billion Settlement in Landmark Antitrust Cases
Oct 3, 2024 by
nhoch@pymnts.com
Antitrust Mix by CPI
Antitrust Chronicle® – Refusal to Deal
Sep 27, 2024 by
CPI
Antitrust’s Refusal-to-Deal Doctrine: The Emperor Has No Clothes
Sep 27, 2024 by
Erik Hovenkamp
Why All Antitrust Claims are Refusal to Deal Claims and What that Means for Policy
Sep 27, 2024 by
Ramsi Woodcock
The Aspen Misadventure
Sep 27, 2024 by
Roger Blair & Holly P. Stidham
Refusal to Deal in Antitrust Law: Evolving Jurisprudence and Business Justifications in the Align Technology Case
Sep 27, 2024 by
Timothy Hsieh