Facebook runs the gauntlet of a massive GDPR fine.
Ireland’s Data Protection Commission (DPC) has launched a statutory investigation into the revelation that Facebook stored hundreds of millions of user passwords insecurely.
Last week Siliconrepublic.com reported that Facebook updated a March blogpost to indicate that millions rather than thousands of Instagram passwords were stored in plaintext, so it was possible for the social network’s employees to access them. It was the latest privacy debacle to hit the hapless social network in more than a year of revelations since the Cambridge Analytica scandal broke in 2018.
‘We have this week commenced a statutory inquiry in relation to this issue to determine whether Facebook has complied with its obligations under relevant provisions of the GDPR’
– DATA PROTECTION COMMISSIONER
The scope of the DPC’s enquiry covers the storage of passwords for Facebook, Facebook Lite and Instagram.
Under GDPR rules, EU regulators can fine companies as much as €20m or 4pc of their turnover, whichever is highest.
As such, Facebook runs the risk of being hit with a massive fine just like Google, which earlier this year was given a €50m fine by France’s data privacy watchdog, CNIL.
Based on Facebook’s turnover of more than $55bn last year, that fine could reach as high as $2.2bn (€1.97bn) if the DPC decides the social network broke GDPR rules.
“The Data Protection Commission was notified by Facebook that it had discovered that hundreds of millions of user passwords, relating to users of Facebook, Facebook Lite and Instagram, were stored by Facebook in plaintext format in its internal servers,” the DPC said in a statement.
“We have this week commenced a statutory inquiry in relation to this issue to determine whether Facebook has complied with its obligations under relevant provisions of the GDPR.”