Meta, the parent company of Facebook, Instagram, and WhatsApp, was fined €91 million on Friday by the Irish regulator for violating the EU data regulation (GDPR).
The American tech company was found to lack transparency after a data breach affecting user passwords. The Irish Data Protection Commission (DPC), acting on behalf of the European Union, criticised Meta for failing to implement appropriate security measures and for taking too long to inform them about the issue.
The DPC launched an investigation in April 2019 after Meta Ireland reported the inadvertent storage of some user passwords in plain text, without them being exposed to external parties.
The security breach occurred in January 2019 and affected 36 million users of Facebook and Instagram in the European Economic Area, according to Graham Doyle, the DPC’s communications chief.
The DPC reproached Meta for notifying them of the problem only in March 2019. "It is widely accepted that user passwords should not be stored in plain text," emphasised Graham Doyle.
Meta acknowledged that some user passwords were "temporarily stored in a readable format in our internal data systems," in a statement to AFP. The company claimed to have "taken immediate steps to correct this error," adding that there is "no evidence that these passwords were misused or improperly accessed."
Meta also stated that it "proactively reported this issue" and "collaborated constructively throughout the investigation."
The group has frequently been criticised in the EU for its treatment of users’ personal data, contrary to GDPR, which was launched in 2018 to protect consumers against tech giants’ dominance.
Despite numerous sanctions, these hefty fines do not seem to deter the Menlo Park company.
In September 2021, Meta was fined €225 million for its lack of transparency in "the processing of information between WhatsApp and other Facebook companies."
In March 2022, it received a €17 million fine for failing to implement data protection measures.
Another record fine of €405 million followed in September 2022 for mishandling minors’ data, and in November 2022, Meta was fined €265 million for insufficiently protecting Facebook user data.
In January 2023, two new fines totalling €390 million were issued for violating “transparency obligations” and for its handling of personal data for targeted advertising.
A few days later, an additional €5.5 million fine was imposed for a lack of transparency regarding WhatsApp.
Meta’s net profit surged by 73% year-on-year, reaching $13.5 billion in the second quarter, with revenue of $39 billion (+22%), exceeding both its own and market expectations.
