We use cookies to collect and analyse information on site performance and usage to improve and customise your experience, where applicable. View our Cookies Policy. Click Accept and continue to use our website or Manage to review and update your preferences.


Meta fined €91 million over passwords
Meta Dublin HQ Pic: RollingNews.ie

27 Sep 2024 data law Print

Meta fined €91 million over passwords

The data-protection watchdog has reprimanded and fined social-media company Meta Ireland €91 million for breaches of the GDPR rules on password storage.

The Data Protection Commission (DPC) had launched an inquiry in 2019, after Meta notified the DPC that it had inadvertently stored certain passwords of social-media users in ‘plaintext’ – without cryptographic protection or encryption – on its internal systems.

Meta is the parent company of Facebook and Instagram.

The DPC decision found four separate infringements of the GDPR rules on password storage.

Risks

No objections to the decision were raised by other European supervisory authorities, who were notified of the decision as required under the GDPR.

The passwords were not made available to external parties.

Graham Doyle (deputy commissioner, DPC) commented: “It is widely accepted that user passwords should not be stored in plaintext, considering the risks of abuse that arise from persons accessing such data.

“It must be borne in mind that the passwords the subject of consideration in this case are particularly sensitive, as they would enable access to users’ social-media accounts," he added.

Gazette Desk
Gazette.ie is the daily legal news site of the Law Society of Ireland

Copyright © 2024 Law Society Gazette. The Law Society is not responsible for the content of external sites – see our Privacy Policy.