Meta fined €91m for GDPR breach

Social media firm Meta has been fined €91m by its lead regulator in Europe for breaches under the bloc’s General Data Protection Regulation (GDPR). The Data Protection Commission (DPC) said it found the parent company of Facebook and Instagram had breached four articles of Europe’s data protection rules for storing users’ passwords in plain text, without encryption.

The DPC launched an inquiry into the practice in 2019 after Meta notified the regulator that some passwords had not been stored in compliance with GDPR.

Deputy commissioner at the DPC Graham Doyle said: “It is widely accepted that user passwords should not be stored in plaintext, considering the risks of abuse that arise from persons accessing such data. It must be borne in mind that the passwords, the subject of consideration in this case, are particularly sensitive, as they would enable access to users’ social media accounts.”

Among the breaches, the DPC said Meta failed to document personal data breaches when user passwords were stored in plain text and did not use measures to ensure the security of its users’ passwords against unauthorised processing.
