Natasha Lomas reports:
Reset your clocks: Meta has been hit with yet another privacy penalty in Europe. On Friday, Ireland’s Data Protection Commission (DPC) announced a reprimand and a €91 million fine — around $101.5M USD at current exchange rates — after concluding a multi-year investigation into a 2019 security breach by Facebook’s parent company.
[…]
After investigating, the DPC has concluded that Meta failed to meet the bloc’s legal standard since the passwords were not protected with encryption. It created a risk as third parties could potentially access people’s sensitive information stored in their social media accounts.
The regulator, which leads on oversight of Meta’s GDPR compliance, also found Meta broke the rules by failing to notify it of the breach within the required timeframe (the regulation generally stipulates breach reporting should take place no later than 72 hours after becoming aware of it). Meta also failed to properly document the breach, per the DPC.
Read more at Yahoo!Finance.