Irish Data Protection Commission fines Meta €91 million

Irish Data Protection Commission (DPC) fines Facebook parent company Meta €91m (£75m) , following an investigation into the storage of passwords.

An inquiry was launched in April 2019 after Meta notified the DPC that it had inadvertently stored certain passwords of social media users on its internal systems without encryption.

The decision, which was made by the commissioners for data protection, and notified to Meta on 26 September, includes a reprimand and a fine. No objections were raised by the other authorities. Meta has been found to have four breaches of General Data Protection Regulation (GDPR).

In May 2023, Meta was fined €1.2bn (£1bn) for mishandling data when transferring it between Europe and the United States. That fine was also issued by Ireland's DPC; the largest fine imposed under the EU's GDPR privacy law.

In 2022, Meta was fined €265m (£220m) after data from 533m people in 106 countries was published on a hacking forum having been "scraped" from Facebook years earlier.