6 December 2024

Facebook Owner Fined €91 Million For Data Protection Issues

Johnson Law Group


The Irish Data Protection Commission fined Meta €91M for GDPR violations related to plaintext password storage, underscoring the importance of robust data protection amid heightened regulatory scrutiny.

On 27th September 2024, the Irish Data Protection Commission (DPC) announced a significant €91 million fine against Meta Platforms Ireland Limited, the parent company of Facebook. This hefty penalty resulted from an inquiry initiated in April 2019, following revelations that Meta had improperly stored user passwords in plaintext, thereby breaching the General Data Protection Regulation (GDPR) requirements regarding data security.

The issue came to light in March 2019 when Meta reported that it had inadvertently saved passwords of social media users without appropriate encryption, exposing them to potential risks. While there was no evidence that these passwords had been accessed by unauthorised parties, the DPC's investigation revealed serious shortcomings in Meta's technical and organisational measures aimed at protecting user data.

As the lead supervisory authority for Meta in Ireland, the DPC focused on whether the company had implemented sufficient security measures to protect users' passwords and whether it had adequately documented and reported the data breach, as required by GDPR.

The DPC's decision highlighted multiple violations of the GDPR, including:

  • Failure to notify the DPC of a personal data breach regarding the plaintext password storage.
  • Inadequate documentation of this breach.
  • Insufficient security measures to protect user passwords against unauthorised access.
  • Lack of appropriate technical and organisational measures to ensure the security of user data.

This decision reinforces the importance of robust data protection practices, especially for companies that handle large volumes of sensitive information.

This fine is part of a broader pattern of regulatory scrutiny faced by Meta. The DPC has previously issued several other fines against the company for various GDPR violations, highlighting an ongoing concern regarding its compliance with data protection laws. 

As technology companies continue to expand their data processing activities, regulatory bodies like the DPC are increasingly vigilant in ensuring compliance with data protection laws. The DPC's rigorous approach aims to safeguard user data and hold companies accountable for their data management practices.

Meta's response to this fine and ongoing investigations will be closely watched, particularly as the DPC prepares to publish further details regarding its decision. Additionally, with Meta's plans to train AI using Facebook and Instagram data currently under scrutiny, the need for stringent compliance with data protection regulations remains paramount.

The outcomes of Meta's legal challenges against the DPC's previous fines may also set important precedents for future regulatory actions. 

For consumers, this situation serves as a reminder to remain vigilant about data privacy and the practices of the platforms they use. Awareness of how companies manage sensitive information can empower users to make informed decisions about their online activities.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
