Meta Appeals €91 Million GDPR Fine
Meta, the parent company of Facebook and Instagram, is seeking to overturn a €91 million fine imposed by Ireland’s data protection regulator, the Data Protection Commission (DPC). The penalty was levied for improperly storing user passwords in plaintext, a format that lacks encryption and poses significant security risks. Meta argues that the DPC did not adequately evaluate whether the fines were effective, proportionate, and dissuasive, as mandated by the General Data Protection Regulation (GDPR).
The principle of proportionality is a cornerstone of European Union law, and Meta contends that the imposed penalties are excessive. The company believes the fines exceed what is necessary to ensure compliance and deter future violations. Additionally, Meta claims that the DPC violated fair procedures by determining the fine based on its global revenue without allowing the company to fully defend its position.
In its legal challenge, Meta is asking the High Court to annul the DPC’s decision from September 2024 and the accompanying fines. The company also seeks a declaration that certain sections of the Irish Data Protection Act are unconstitutional and inconsistent with the State’s obligations under the European Convention on Human Rights. Furthermore, Meta asserts that the DPC misinterpreted a key article of the GDPR concerning personal data breaches, arguing that not all instances of plaintext passwords constituted personal data.
The case was presented to Ms. Justice Mary Rose Gearty, who granted Meta permission to pursue its claims through judicial review. This fine is one of several penalties the DPC has imposed on Meta, including a record €1.2 billion fine in May 2023 for transferring European users’ data to the U.S. Meta is also appealing this decision, along with a €251 million fine related to a data breach affecting 29 million accounts.
Source: Meta asks High Court to overturn ‘wholly disproportionate’ €91m fine
