Meta, the parent company of Facebook, Instagram and WhatsApp, was fined €91 million by the Irish regulator on Friday, September 27 for violating the General Data Protection Regulation (GDPR) by lacking transparency following a security breach that affected user passwords.
In this new decision, the Irish Data Protection Commission (DPC), acting on behalf of the European Union (EU), criticizes Meta for not having put in place adequate security measures, but also for having taken too long to inform it of the problem. The DPC launched an investigation in April 2019 after being informed about the storage by Meta Ireland. “inadvertently” of “certain user passwords” in plain text, that is, unencrypted, without these having “It has been communicated to external parties”explains in a press release.
The security breach dates back to January 2019 and affected 36 million Facebook and Instagram users in the European Economic Area, Graham Doyle, head of communications at the Irish regulator, told Agence France-Presse (AFP). The DPC criticizes Meta for informing it of the problem only in March 2019. “It is widely accepted that user passwords should not be stored in clear text”insisted Graham Doyle.
Net profit increases significantly
Meta acknowledges, for its part, in a statement sent to the AFP, that certain user passwords have been “Temporarily recorded in a readable format in our internal data systems”. The company claims to have “Took immediate action to correct this error”adding that there is “There is no evidence that these passwords [aient] been misused or accessed inappropriately”. The company swears to have “I proactively reported this issue” and have “I collaborated constructively throughout this investigation”.
The group is regularly accused in the EU of processing the personal data of its users in contravention of the European GDPR regulation, launched in 2018 to protect consumers against the dominance of technology giants.
Although numerous, these sentences do not seem to have a great deterrent effect. In September 2021, the group was fined €225 million for its lack of transparency in “the processing of information between WhatsApp and other Facebook companies”. In March 2022, it received a fine of 17 million euros for failing to implement data protection measures. New economic punishment in September 2022, with a record fine of 405 million euros for failures in the processing of minors’ data; then in November 2022 with 265 million euros for not having sufficiently protected the data of Facebook users.
In January 2023, the group receives two new fines for a total of 390 million euros for violating “its obligations regarding transparency” and for the processing of personal data “for advertising purposes” aim. Last fine a few days later: 5.5 million for lack of transparency regarding WhatsApp.
Meta’s net profit increased 73% year-on-year to $13.5 billion (about €12 billion) in the second quarter, on revenue of $39 billion, an increase of 22%, a larger increase than its own expectations.
