.png){kind=logo}
Europe's lead privacy regulator fined Meta €91 million ($101.5 million) for saving user passwords as plaintext. The first time one of the bloc's top watchdogs has levied a penalty against the tech giant.
The incident took place five years ago when Meta stored some passwords without protection or encryption. This practice is considered very risky as it leaves an opportunity for criminals to exploit.
Ireland's Data Protection Commission, which supervises the companies' compliance with the EU privacy law, launched the investigation after Meta reported the issue. The company reported the incident, and Meta acknowledged and corrected it back in 2019. DPC acknowledged that no third party gained access to the passwords exposed.
According to the Irish DPC Deputy Commissioner, Graham Doyle, "It is widely accepted that user passwords should not be stored in plaintext, considering the risks of abuse that arise from persons accessing such data."
A Meta spokesperson stated the company had acted promptly and dealt with the issue as soon as it was discovered during the 2019 review. The spokesperson also further highlighted no evidence existed that any user data was accessed in an inappropriate manner and abused.
The Irish DPC is one of the crucial bodies in regulating the activities of US tech giants within the EU. This is because most of these companies have set up their headquarters in Ireland. This penalty adds to the €2.5 billion worth of fines that the General Data Protection Regulation (GDPR) has gathered from Meta since 2018. The latest record-breaking fine, valued at €1.2 billion, was issued last year and which Meta is currently appealing.
This is not the first time an EU watchdog has fined a tech giant for malpractices. In recent news, the watchdog fined Google for stifling competition by showing its own ads over the rivals to users. In fact, in 2021, Google was fined EU€102 million by the Italian antitrust authority due to this very infringement. Read more
