Editor’s Note: Meta Platforms, Inc. continues to face the ramifications of its data handling practices, as highlighted by the recent €91 million fine from the Irish Data Protection Commission (DPC). This significant penalty, rooted in a 2019 investigation, underscores the growing scrutiny of global tech companies under the European Union’s stringent data privacy regulations. For professionals in cybersecurity, information governance, and eDiscovery, this development is yet another stark reminder of the critical need for encryption and robust data protection mechanisms. As Meta navigates these regulatory challenges, the wider business community must stay vigilant in ensuring compliance with evolving data privacy laws.




Industry News – Data Privacy and Protection Beat

Meta Faces €91 Million Fine Over Password Storage Lapse

ComplexDiscovery Staff

Meta Platforms, Inc. has been slapped with a €91 million ($101.5 million) fine by the Irish Data Protection Commission (DPC) following a comprehensive investigation into a significant security lapse. The fine, announced on Friday, marks yet another substantial penalty for the social media giant under the stringent data privacy regulations of the European Union (EU). This latest reprimand highlights ongoing concerns over Meta’s data handling practices and underscores the increasing scrutiny faced by major tech companies in Europe.

The investigation, launched in April 2019, revealed that Meta had inadvertently stored certain user passwords in ‘plaintext,’ meaning the passwords were not protected by any form of encryption. The lapse, which Meta discovered internally, involved the passwords of a subset of Facebook users, which were temporarily logged in a readable format. Despite Meta’s assertion that there is no evidence these passwords were accessed improperly or abused, the regulatory body deemed the storage method a serious risk.

“It is widely accepted that user passwords should not be stored in plaintext, considering the risks of abuse that arise from persons accessing such data,” remarked Graham Doyle, Deputy Commissioner of the DPC. He emphasized the universally recognized need for robust encryption to safeguard user information, critiquing Meta’s failure to adhere to these essential security measures.

Meta’s response to the investigation was swift. The company stated, “We took immediate action to fix this error, and there is no evidence that these passwords were abused or accessed improperly. We proactively flagged this issue to our lead regulator, the Irish Data Protection Commission, and have engaged constructively with them throughout this inquiry.” Despite these efforts, the financial penalty reflects the severity with which the DPC views such breaches.

This fine is part of a broader pattern of regulatory action against Meta by the DPC, which is the lead privacy regulator for many major U.S. tech firms operating in Europe due to the location of their EU headquarters in Ireland. To date, the DPC has imposed fines totaling over €2.6 billion ($2.9 billion) on Meta for various breaches under the EU’s General Data Protection Regulation (GDPR). This includes a record €1.2 billion fine in 2023, which Meta is currently appealing.

The GDPR, implemented in May 2018, mandates strict data protection and privacy protocols for all organizations operating within the EU. Its enforcement has led to several high-profile fines against tech giants, aiming to ensure rigorous compliance and protect user data from misuse. Meta, which also owns Instagram and WhatsApp, has frequently found itself at the center of these regulatory actions.

In addition to the GDPR, Meta is facing scrutiny under other legislative frameworks such as the Digital Services Act (DSA) and the Digital Markets Act (DMA). The DSA, enacted to enhance the accountability of social media platforms, requires these entities to monitor and manage content that may be considered harmful within the EU. In contrast, the DMA focuses on ensuring fair competition by obligating large tech companies to open their ecosystems, thereby providing consumers with more choices and preventing monopolistic practices.

Meta’s compliance with these regulations is under intense observation, with the company delaying the launch of its Meta AI models in Europe earlier this year following a request by the DPC to halt its plans to harvest data from European Facebook and Instagram users. The regulatory pressure is not unique to Meta; other tech behemoths such as Google LLC, Apple Inc., and Elon Musk’s X (formerly Twitter) are also under the EU’s regulatory lens for potential violations.

The financial and operational impact of these fines on Meta cannot be overstated. As appeals processes unfold and additional investigations loom, the company must navigate a complex landscape of regulations and expectations. The involvement of high-profile personalities and firms only adds layers of scrutiny and public interest to these proceedings.

For businesses and investors, the developments surrounding Meta’s regulatory challenges serve as a critical reminder of the evolving landscape of data protection laws and the importance of robust compliance mechanisms. The ripple effects of these legal actions are likely to influence corporate policies and investor confidence in tech firms’ ability to manage user data responsibly and transparently.


Assisted by GAI and LLM Technologies

Source: ComplexDiscovery OÜ

 
