(Dublin) Meta, the parent company of Facebook, Instagram and WhatsApp, was fined 91 million euros (137 million Canadian dollars) on Friday by the Irish regulator for violating the European Data Regulation (GDPR) by lacking transparency after a security breach affecting user passwords.
In this new decision, the Irish Data Protection Commission (DPC), which acts on behalf of the European Union (EU), criticizes Meta for failing to put appropriate security measures in place beforehand, and also for taking too long to inform it of the problem.
The DPC launched an investigation in April 2019 after being informed by Meta Ireland of the “inadvertent” storage of “certain user passwords” in the clear, that is to say unencrypted, without these having “been communicated to external parties”, it said in a press release.
The security breach dates back to January 2019 and affected 36 million Facebook and Instagram users in the European Economic Area, Graham Doyle, head of communications for the Irish regulator, told AFP.
The DPC criticizes Meta for not having informed it of the problem until March 2019.
“It is widely accepted that user passwords should not be stored in plain text,” insisted Graham Doyle.
“Immediate measures”
Meta, for its part, acknowledges that certain user passwords were “temporarily recorded in a readable format in our internal data systems”, in a statement sent to AFP.
The company says it has “taken immediate action to correct this error,” adding that there is “no evidence that these passwords were misused or accessed inappropriately.”
The company swears that it has “proactively reported this issue” and has “collaborated constructively throughout this investigation.”
The group is regularly accused in the EU of processing the personal data of its users in breach of the European GDPR, launched in 2018 to protect consumers against the domination of tech giants.
Although numerous, these penalties do not seem to be much of a deterrent for the Menlo Park giant.
In September 2021, the group was fined 225 million euros ($339 million) for its lack of transparency in “the processing of information between WhatsApp and other Facebook companies”.
In March 2022, it was fined 17 million euros ($25.6 million) for failing to implement data protection measures.
Lack of transparency
The same again six months later, in September 2022, with a record fine of 405 million euros ($610 million) for failures in the processing of minors’ data, then in November 2022 with 265 million euros ($399 million) for not having sufficiently protected Facebook user data.
In January 2023, it received two new fines totaling 390 million euros ($587.6 million) for violating “its transparency obligations” and for its processing of personal data “for targeted advertising purposes”.
Latest fine a few days later: 5.5 million euros ($8.3 million) for a lack of transparency regarding WhatsApp.
Meta’s net profit climbed 73% year-on-year to $13.5 billion (US) in the second quarter, on revenue of $39 billion (+22%), higher than its own expectations and those of the market.