Ireland fines Meta 91 mn euros over EU data breach

Ireland fines Meta 91 mn euros over EU data breach

The Irish Data Protection Commission criticised Meta for failing to put in place appropriate security measures to protect users' password data and for taking too long to alert the regulator over the issue
The Irish Data Protection Commission criticised Meta for failing to put in place appropriate security measures to protect users' password data and for taking too long to alert the regulator over the issue. Photo: Lionel BONAVENTURE / AFP/File
Source: AFP

An Irish regulator helping to police European Union data privacy said Friday it had fined Facebook-owner Meta 91 million euros ($102 million) for password-security breaches.

The Data Protection Commission criticised Meta for failing to put in place appropriate security measures to protect users' password data and for taking too long to alert the regulator over the issue.

An inquiry was launched in April 2019 after Meta Ireland informed the regulator that it had "inadvertently stored certain passwords of social media users" in a readable format on its internal system, the DPC said in a statement.

"It is widely accepted that user passwords should not be stored in plaintext, considering the risks of abuse that arise from persons accessing such data," said Graham Doyle, the regulator's head of communications.

Doyle told AFP that the breach, which took place in January 2019, affected 36 million Facebook and Instagram users across the European Economic Area, which comprises the EU plus Iceland, Liechtenstein and Norway.

Read also

'Broken' news industry faces uncertain future

The regulator criticised Meta for not alerting the DPC of the problem until March 2019.

In a statement to AFP, Meta acknowledged that some Facebook users' passwords were "temporarily stored in a readable format in our internal data systems".

"We took immediate action to fix this error, and there is no evidence that these passwords were abused or accessed improperly.

"We proactively flagged this issue to our lead regulator, the Irish Data Protection Commission, and have engaged constructively with them throughout this inquiry", a Meta spokesperson added.

Tech crackdown

Many global tech companies including Google, Apple and Meta, base their European operations in Dublin.

As a result, Ireland's data protection agency is the lead regulator responsible for holding them to account.

The fine issued Friday, dwarfed by Meta's multi-billion-dollar earnings, is the latest in a series issued to the US social media giant and its rivals, as global regulators seek to rein in big tech firms over also taxation, competition and disinformation.

Read also

China cuts amount banks hold in reserve to boost lending

Ireland this month launched an investigation in Google's artificial intelligence development.

It came as the European Commission scored two major legal victories in separate cases that left Apple and Google owing billions of euros.

At the same time, an EU court scrapped a 1.49-billion euro fine imposed by Brussels against Google over abuse of dominance in online advertising.

Tech giants are also seeking out each other over alleged breaches.

Google on Wednesday said it had filed a complaint against Microsoft at the European Commission, accusing its rival of "anticompetitive" licensing practices to force customers to use its cloud service.

New feature: Сheck out news that is picked for YOU ➡️ click on “Recommended for you” and enjoy!

Source: AFP

Authors:
AFP avatar

AFP AFP text, photo, graphic, audio or video material shall not be published, broadcast, rewritten for broadcast or publication or redistributed directly or indirectly in any medium. AFP news material may not be stored in whole or in part in a computer or otherwise except for personal and non-commercial use. AFP will not be held liable for any delays, inaccuracies, errors or omissions in any AFP news material or in transmission or delivery of all or any part thereof or for any damages whatsoever. As a newswire service, AFP does not obtain releases from subjects, individuals, groups or entities contained in its photographs, videos, graphics or quoted in its texts. Further, no clearance is obtained from the owners of any trademarks or copyrighted materials whose marks and materials are included in AFP material. Therefore you will be solely responsible for obtaining any and all necessary releases from whatever individuals and/or entities necessary for any uses of AFP material.