Image Credits: Bryce Durbin / TechCrunch
Reset your clocks: Meta has been hit with yet another privacy penalty in Europe. On Friday, Ireland’s Data Protection Commission (DPC) announced a reprimand and a €91 million fine (around $101.5 million at current exchange rates) after concluding a multiyear investigation into a 2019 security breach by Facebook’s parent company.

The DPC opened a statutory inquiry into the incident in question in April 2019 under the bloc’s General Data Protection Regulation (GDPR) after Meta, or Facebook as the company was still called back then, notified it that “hundreds of millions” of users’ passwords had been stored in plaintext on its servers.

The security incident is a legal issue in the European Union because the GDPR requires that personal data is appropriately secured.

After investigating, the DPC has concluded that Meta failed to meet the bloc’s legal standard since the passwords were not protected with encryption. It created a risk as third parties could potentially access people’s sensitive information stored in their social media accounts.

The regulator, which leads on oversight of Meta’s GDPR compliance, also found Meta broke the rules by failing to notify it of the breach within the required time frame (the regulation generally stipulates breach reporting should take place no later than 72 hours after becoming aware of it). Meta also failed to properly document the breach, per the DPC.

Commenting in a statement, deputy commissioner Graham Doyle wrote: “It is widely accepted that user passwords should not be stored in plaintext, considering the risks of abuse that arise from persons accessing such data. It must be borne in mind, that the passwords the subject of consideration in this case, are particularly sensitive, as they would enable access to users’ social media accounts.”

Reached for a response to its latest GDPR sanction, Meta spokesperson Matthew Pollard emailed a statement in which the company sought to play down the finding by claiming it took “immediate action” over what had been an “error” in its password management processes.

“As part of a security review in 2019, we found that a subset of FB [Facebook] users’ passwords were temporarily logged in a readable format within our internal data systems. We took immediate action to fix this error, and there is no evidence that these passwords were abused or accessed improperly,” Meta wrote. “We proactively flagged this issue to our lead regulator, the Irish Data Protection Commission, and have engaged constructively with them throughout this inquiry.”

Meta had already racked up a majority of the largest GDPR penalties handed out to tech giants so the latest sanction simply underscores the scale of its problem with privacy compliance.

The penalty is notably stiffer than a €17 million fine the DPC handed to Meta in March 2022 over a 2018 security breach. The Irish regulator has had a change of senior management since then. However, the two incidents are also different: Meta’s earlier security lapse affected up to 30 million Facebook users compared to the hundreds of millions whose passwords were said to have been exposed as a result of its failure to secure passwords in 2019.

The GDPR empowers data protection authorities to issue fines for breaches where the amount of any penalty is calculated based on factors such as the nature, gravity and duration of the infringement; the scope or purpose of the processing; and the number of data subjects affected and level of damage suffered, among other circumstances.

The highest possible penalty under the GDPR is 4% of global annual turnover. So, in Meta’s case, a €91 million fine may sound like a significant chunk of change, but it remains a tiny fraction of the billions the company could theoretically face, given its annual revenue for 2023 was a staggering $134.90 billion.