FRESH

Hacker News

EU privacy regulator fines Meta 91M euros over password storage

84 points by impish9208

by metadat

1 subcomments

How is a fine of $100m USD calculated when there were no actual reported damages?
I'm not sympathetic to Meta making security mistakes, more curious how the punishment was decided, in lieu of causing any problems.
I wonder if it was a poorly thought out request log line or what.

by Rygian

4 subcomments

I really agree with the backdrop painted by this article:
- Meta discovered the discovered internally.
- Meta fixed the issue without delay.
- Meta took steps to show "absence of evidence" of abuse. (Does not mean "evidence of absence" though.)
- The reuters article says "Issue was disclosed voluntarily to the regulator." but the actual source [1] announces a breach of GDPR Article 33(1), for failing to notify.
- Meta was still fined 91 M€ for failing to build "data protection by design and by default" (my understanding of the fine, Articles 5 and 32 of the GDPR).
This is a positive step for security: companies being fined for being sloppy about security, even if they dutifully clean up after they mess up.
[1] https://www.dataprotection.ie/en/news-media/press-releases/D...