Irish Watchdog Fines Meta €91 Million

Irish Watchdog Fines Meta €91 Million
Fotolia

The Irish Data Protection Commission (DPC) announced its final decision following an inquiry into Meta Platforms. This inquiry was launched in April 2019, after Meta notified the DPC that it had inadvertently stored certain passwords of social media users in ‘plaintext’ on its internal systems.

The DPC submitted a draft decision to the other Concerned Supervisory Authorities across the EU/EEA in June 2024, as required under Article 60 of the GDPR. No objections to the draft decision were raised by the other authorities. The decision, made by the Commissioners for Data Protection, Des Hogan and Dale Sunderland, and notified to Meta, includes a reprimand and a fine of €91million.

The DPC’s decision is based on the social media company's failure to notify the body of a personal data breach concerning the storage of user passwords in plaintext. DPC explained that, in this case, Meta has breached a total of four articles of GDPR.

“It is widely accepted that user passwords should not be stored in plaintext, considering the risks of abuse that arise from persons accessing such data. It must be borne in mind, that the passwords the subject of consideration in this case, are particularly sensitive, as they would enable access to users’ social media accounts," said Graham Doyle, Deputy Commissioner at the DPC.