Irish privacy regulator to investigate Facebook over passwords

News by Rene Millman

Move comes as social media giant sets aside $3 billion for privacy fine in US

Ireland’s Data Protection Commission has opened an inquiry into Facebook following the discovery that hundreds of millions of user passwords, relating to users of Facebook, Facebook Lite and Instagram, were stored by Facebook in plain text format in its internal servers. 

In a brief statement on its website, the commission said that it has "commenced a statutory inquiry in relation to this issue to determine whether Facebook has complied with its obligations under relevant provisions of the GDPR".

In March, Facebook said in a blog post that a security review carried out in January found passwords stored in a readable format on its data storage systems.

Canada’s Privacy Commissioner has also said that plans to take the social network to court over the 2018 Cambridge Analytica scandal.

"Facebook’s refusal to act responsibly is deeply troubling given the vast amount of sensitive personal information users have entrusted to this company," said Privacy Commissioner of Canada Daniel Therrien. "Their privacy framework was empty, and their vague terms were so elastic that they were not meaningful for privacy protection.

"The stark contradiction between Facebook’s public promises to mend its ways on privacy and its refusal to address the serious problems we’ve identified – or even acknowledge that it broke the law – is extremely concerning."

The news comes a day after Facebook said it had set aside $3 billion for a potential privacy fine linked to an ongoing investigation by the US FTC.

As reported by SC Media UK sister publication SC Media US, the fine would be largest ever levied by the FTC.

"In the first quarter of 2019, we recorded an accrual of $3 billion in connection with the ongoing inquiry of the FTC," according to a company statement. "This matter remains unresolved, and we estimate that the associated range of loss is between $3 billion and $5 billion."

Anjola Adeniyi, technical leader for EMEA at Securonix, told SC Media UK that Ireland has a strong role to play in ensuring the world of social media complies with GDPR regulations.

"Since Canada has already found Facebook to seriously contravene it’s privacy laws, one would expect the Irish regulator may find it violating GDPR as well. The password leak happened post-GDPR and identity theft is a potential risk so the Irish regulator is also investigating Facebook’s use of personal data," he said.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming event 

Webcast: Understanding this year's biggest adversaries - and how to combat them 

Nation-state activity, versatile, slippery strategies and Big Game Hunting - the threats are real, dangerous and ever changing. 
Brought to you in partnership with Crowdstrike