Thursday 19 September 2019

Watchdog opens fresh probe into Facebook over password storage

Photo: Stock
Photo: Stock
Adrian Weckler

Adrian Weckler

The data privacy watchdog has opened a new investigation into Facebook.

Its probe will aim to uncover how millions of passwords were stored in insecure "plain text" format by the tech giant.

It is the 11th statutory inquiry under way by the Irish Data Protection Commission (DPC) into Facebook or one of its subsidiaries.

Under GDPR law, the DPC can fine Facebook up to €20m or 4pc of global turnover.

"The Data Protection Commission was notified by Facebook that it had discovered that hundreds of millions of user passwords, relating to users of Facebook, Facebook Lite and Instagram, were stored by Facebook in plain text format in its internal servers," said a statement from the Irish DPC.

"We have this week commenced a statutory inquiry in relation to this issue to determine whether Facebook has complied with its obligations under relevant provisions of the GDPR."

Facebook initially underestimated the number of accounts affected and still claims the improperly stored passwords "were not internally abused or improperly accessed".

Meanwhile, the DPC said in February that it expected to conclude the first of its investigations into the social media company's use of personal data this summer and the remainder by the end of the year.

Facebook has said it expects to pay a fine of between $3bn (€2.7bn) and €5bn to US authorities.

The US Federal Trade Commission has been investigating revelations that Facebook inappropriately shared information belonging to 87 million of its users with the now-defunct British political consulting firm Cambridge Analytica.

The probe has focused on whether the sharing of data and other disputes violated a 2011 agreement with the FTC to safeguard user privacy.

Separately, Canada's federal privacy commissioner yesterday announced the results of a probe that found the company had committed serious contraventions of privacy law and failed to take responsibility for protecting the personal information of citizens.

Amid the investigations for data problems, Facebook is currently trying to push ahead with attempts to let people send messages between Facebook, WhatsApp and Instagram.

"We plan to start by making it possible for you to send messages to your contacts using any of our services, and then to extend that interoperability to SMS too," said boss Mark Zuckerberg in a recent memo.

"Of course, this would be opt-in and you will be able to keep your accounts separate if you'd like."

However, Irish Data Protection Commissioner Helen Dixon recently told the Irish Independent Facebook doesn't yet have the clearance to do it.

The Irish data watchdog has also denied accusations in the online 'Politico Europe' publication that it has been too lax on tech multinational firms here.

Irish Independent

Also in Business