[ad_1]
The European Union has issued a new fine against Mark Zuckerberg’s group, this time for a case dating back to 2019, and which concerns unprotected user account passwords.
91 million euros: this is the amount of the new fine imposed by the European Union on Metathe parent company of Instagram, Facebook and WhatsApp. This Friday, September 27, the Irish Data Protection Commission, the equivalent of the CNIL in the country (DPC), estimated that the American group had indeed violated the GDPR, the European regulation which protects personal data. Meta lacked transparency after a security breach affecting its users’ passwords: not only were security measures not put in place, but the group was late in informing users of this problem, believes the regulator Irish, which acts on behalf of the European Union (EU).
It all started almost five years ago, in January 2019. 36 million Facebook and Instagram users were affected by a security breach. In March 2019, two months later, the Irish subsidiary of Meta, which has its European headquarters in the country, had informed the DPC of the storage, “ inadvertently “, of ” some user passwords » in plain text, that is to say in an unencrypted, unprotected manner. The latter, however, would not have “ been communicated to external parties », Specified the American company. Enough to worry the Irish authority, which, in April 2019, decided to open an investigation. Five years later, its decision was notified to Meta, it specifies in a press release dated Friday, September 27. The group is indeed guilty of having violated several articles of the GDPR. He is ordered to pay a fine of 91 million euros.
Also read: “LLMs suck”: Meta’s AI manager tackles current generative AI, and promises much better
Passwords stored in clear text and a lack of transparency?
For Graham Doyle, the communications manager of the DPC, quoted in the press release, “ It is widely accepted that user passwords should not be stored in the clear, given the risks of abuse that arise from people accessing this data. It should be borne in mind that the passwords examined in this case are particularly sensitive, as they would allow access to users’ social media accounts “.
To connect to your Facebook or Instagram account, you need a password, generally stored in a format protected by the platforms, in particular using cryptographic techniques. We do not know why this was not the case for these 36 million users in 2019.
Contacted by 01net.coma spokesperson for Meta explained that the group “ took immediate steps to correct this error. There is no evidence that these passwords were misused (…). We have proactively reported this issue to our primary regulator, the Irish Data Protection Commission, and have engaged constructively with them throughout this investigation. “. Will the American company appeal this decision? Questioned on this point, the latter simply indicated that it was studying the details of the decision.
Also read: Mistral and Meta refuse to join the EU Voluntary Pact on AI
Meta accumulates GDPR violations
This is not the first time that Meta has been fined for violating personal data law in Europe. Mark Zuckerberg’s company is regularly the subject of GDPR violation decisions. Lack of transparency, lack of protection of user data including minors, processing of personal data for targeted advertising purposes without transparency… Between September 2021 and today, the group has been the subject of several decisions by the DPC , accused of being too conciliatory with the digital giants. In total, the Menlo Park company was fined around 2.6 billion euros:
- 225 million in September 2021, for its lack of transparency in the processing of information between WhatsApp and other group companies,
- 17 million in March 2022, for twelve personal data leaks in 2018,
- 405 million in September 2022 for violation of the privacy of minors on Instagram,
- 265 million euros in November 2022 following the hacking of 533 million Facebook accounts in 2019,
- 390 million euros in January 2023 for inappropriate legal foundations regarding the “processing of personal data for advertising purposes” on Instagram and Facebook,
- 1.2 billion in May 2023 to have “continued to transfer personal data” of users from Europe to the United States even though it was no longer authorized to do so,
- 5.5 million for lack of transparency.
Editor’s note: This article has been updated to include comments from Meta, received after initial publication.
🔴 To not miss any 01net news, follow us on Google News And WhatsApp.
Press release from the Irish CNIL
[ad_2]
Source link
