Meta has been fined by the Irish Data Protection Commission (DPC) today. The parent company of WhatsApp and Facebook has been fined €91 million for multiple violations of the GDPR for “negligently” storing user passwords.

In March 2019, Facebook admitted that it had discovered it was storing. Certain user passwords [ses] Internal storage systems in readable format ». A minor bug that affected hundreds of millions of Facebook, Facebook Lite, and Instagram users. But sure enough, the social network explained it “These passwords were never visible to anyone outside of Facebook, and we have yet to find anything to indicate that anyone internally misused or improperly accessed them. “.

The Irish CNIL does not see it that way. D.P.C Just announced The proceedings are closed one month after the discovery of this error. The investigation was to check whether there is meta or not. Measures have been implemented to ensure a level of security appropriate to the risks associated with password processing » and whether he has complied with documentation and information obligations.

Failure to ensure data security

The answer is no. Facebook did not notify the DPC at the time of this personal data breach, in breach of Article 33 of the GDPR, nor did it document this breach. But, even worse, at the end of the investigation, the Irish Personal Data Police believe that Meta ” Failed to use appropriate technical or organizational measures to ensure appropriate security of user passwords against unauthorized processing “and” Failed to implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including the ability to ensure the continued confidentiality of user passwords “.

Meta is fined €91 million for these four violations of the GDPR.