Saturday, 28 September 2024

Meta, the parent company of Facebook, has been fined €91 million by the Irish Data Protection Commission (DPC) for improperly storing user passwords

Meta, the parent company of Facebook, has been fined €91 million by the Irish Data Protection Commission (DPC) following an investigation into password storage practices.

The inquiry began in April 2019 after Meta informed the DPC that it had inadvertently stored certain social media user passwords on its internal systems without encryption.

In June 2024, the DPC submitted a draft decision to other European data watchdogs, and no objections were raised.

Meta was found to have committed four breaches of the General Data Protection Regulation (GDPR).

DPC Deputy Commissioner Graham Doyle stated, “It is widely accepted that user passwords should not be stored in ‘plaintext’ considering the risks of abuse that arise from persons accessing such data. It must be borne in mind that the passwords under consideration in this case are particularly sensitive, as they would enable access to users’ social media accounts.”

The decision, made by Commissioners for Data Protection Dr. Des Hogan and Dale Sunderland, was notified to Meta on September 26 and includes a reprimand and a fine.

In May 2023, Meta was fined €1.2 billion for mishandling data transfers between Europe and the United States, the largest fine issued under the EU’s GDPR privacy law.

In 2022, Meta was fined €265 million after data from 533 million people in 106 countries was published on a hacking forum, having been “scraped” from Facebook years earlier.
